When a customer has a routed block, traffic from certain internal hosts sometimes needs to originate from particular IP addresses within that block. In the example below, we will assume the internal host 10.0.0.168 is required to go out via public IP 220.127.116.11.
1. Create ACL and Route-map
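! Match all IP traffic sourced from the internal host
ip access-list extended TESTacl
 permit ip host 10.0.0.168 any
! The route-map references the ACL and is used in the NAT statement
route-map TESTmap permit 10
 match ip address TESTacl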
2. Create NAT pool
ip nat pool TESTpool 18.104.22.168 22.214.171.124 netmask 255.255.255.252
3. Create NAT statement
ip nat inside source route-map TESTmap pool TESTpool overload
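4. Deny the host in the original NAT statement. Let's assume we have an ACL CORP-LAN which has a simple permit ip 10.0.0.0 0.0.0.255 any (line 10). The deny for the host has to sit above that permit, because ACL entries are evaluated top-down and the first match wins. The ACL would be modified to read:
deny ip host 10.0.0.168 any
permit ip 10.0.0.0 0.0.0.255 any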
To test, you can perform a simple whatismyip lookup from the host. If you'd like to ensure certain ports are going out the right WAN IP, you can telnet to another Cisco unit and check the NAT translations.
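The translation check in the test step can be scripted. The following is an added example, not part of the original article: it parses `show ip nat translations` output and lists any session from the host that left on an address other than the intended one, as can happen when the host still matches the original NAT statement. The sample output and the 203.0.113.x and 198.51.100.x addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `show ip nat translations` output. Documentation
# addresses stand in for the real public IPs (assumption, not from the page).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:1025  10.0.0.168:1025    198.51.100.7:23    198.51.100.7:23
tcp 203.0.113.9:4122   10.0.0.20:4122     198.51.100.7:80    198.51.100.7:80
udp 203.0.113.9:53011  10.0.0.168:53011   198.51.100.53:53   198.51.100.53:53
--- 203.0.113.5        10.0.0.5           ---                ---
"""


def _addr(field):
    """Return the IP part of 'a.b.c.d[:port]', or None for a '---' column."""
    if field == "---":
        return None
    return ipaddress.ip_address(field.split(":")[0])


def parse_translations(text):
    """Yield (proto, inside_global, inside_local, outside_global) per entry."""
    for line in text.splitlines():
        parts = line.split()
        # Entries have exactly five columns; the header splits into more.
        if len(parts) != 5 or parts[0] == "Pro":
            continue
        yield parts[0], _addr(parts[1]), _addr(parts[2]), parts[4]


def misrouted(text, host, expected_global):
    """List the host's sessions translated to anything but expected_global."""
    host = ipaddress.ip_address(host)
    expected = ipaddress.ip_address(expected_global)
    return [
        (proto, str(inside_global), dest)
        for proto, inside_global, inside_local, dest in parse_translations(text)
        if inside_local == host and inside_global != expected
    ]


if __name__ == "__main__":
    # The udp session left via the shared overload address: a finding.
    for finding in misrouted(SAMPLE, "10.0.0.168", "203.0.113.10"):
        print("unexpected translation:", finding)
```

An empty result for the host means every one of its active sessions is using the dedicated address.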