NAT + Route-map


Interesting scenario, Company A’s router needs to allow the following IPs from a public address of to access 2 servers on the LAN and via port 9101.

It is not your typical static NAT, nor dynamic NAT would work and definitely not PAT or NAT overload. So what I did is create a route-map where in I created an extended access-list permitting only the public ip on tcp 9101. Then did a static nat to each server within the LAN and using the route-map as the allowed external source.

extended IP access list NAT
10 permit tcp any eq 9101

route-map NAT permit 10
match ip address NAT

ip nat inside source static route-map NAT
ip nat inside source statcie route-map NAT

Interface g0/0 <WAN INTERFACE>
ip nat outside
interface g0/1 <LAN INTERFACE>
ip nat inside

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s