NAT + Route-map

nat

Interesting scenario, Company A’s router needs to allow the following IPs from a public address of 203.1.1.0/24 to access 2 servers on the LAN 192.168.1.2 and 192.168.1.3 via port 9101.

It is not your typical static NAT, nor dynamic NAT would work and definitely not PAT or NAT overload. So what I did is create a route-map where in I created an extended access-list permitting only the public ip on tcp 9101. Then did a static nat to each server within the LAN and using the route-map as the allowed external source.

extended IP access list NAT
10 permit tcp 203.1.1.0 0.0.0.255 any eq 9101

route-map NAT permit 10
match ip address NAT

ip nat inside source static 192.168.1.2 route-map NAT
ip nat inside source statcie 192.168.1.3 route-map NAT

Interface g0/0 <WAN INTERFACE>
ip nat outside
interface g0/1 <LAN INTERFACE>
ip nat inside

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s