
Cisco PBR with routed IP block

In situations where customers have a routed block, sometimes traffic is required to originate from particular IP addresses within that block. In the example below, we will assume the internal host, 10.0.0.168 is required to go out public IP 203.44.44.44.

1. Create ACL and Route-map

ip access-list extended TESTacl
 permit ip host 10.0.0.168 any

route-map TESTmap permit 10
 match ip address TESTacl

2. Create NAT pool

ip nat pool TESTpool 203.44.44.44 203.44.44.44 netmask 255.255.255.252

3. Create NAT statement

ip nat inside source route-map TESTmap pool TESTpool overload

4. Deny the host in the ACL used by the original NAT statement. Let’s assume the existing statement references an ACL CORP-LAN whose line 10 is a simple permit for 10.0.0.0 0.0.0.255 to any; the ACL would be modified to read (the deny must come before the permit):

deny ip host 10.0.0.168 any
permit ip 10.0.0.0 0.0.0.255 any

To test, you can perform a simple whatismyip check, or, if you’d like to ensure certain ports are going out the right WAN IP, you can telnet to another Cisco unit and check the NAT translations.
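The translation check above can be scripted. The following is an added example, not part of the original post: it parses the output of show ip nat translations (the sample below is constructed, not captured from a router) and flags two failure modes of this setup, the host still leaking out through the original overload address because the deny in step 4 is missing, and some other host using the dedicated address.

```python
"""Check `show ip nat translations` output against the PBR/NAT-pool policy."""
import ipaddress

# Constructed sample output (not from a real router). The last line shows the
# host 10.0.0.168 still translated via the original address 203.0.113.1.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.44.44.44:3456  10.0.0.168:3456    198.51.100.10:443  198.51.100.10:443
udp 203.44.44.44:53012 10.0.0.168:53012   198.51.100.53:53   198.51.100.53:53
tcp 203.0.113.1:1025   10.0.0.5:1025      198.51.100.10:80   198.51.100.10:80
icmp 203.0.113.1:512   10.0.0.7:512       198.51.100.9:512   198.51.100.9:512
tcp 203.0.113.1:1040   10.0.0.168:1040    198.51.100.20:22   198.51.100.20:22
"""


def _strip_port(addr):
    """'203.44.44.44:3456' -> IPv4Address('203.44.44.44'); bare addresses pass through."""
    return ipaddress.ip_address(addr.rsplit(":", 1)[0])


def parse_translations(text):
    """Return (proto, inside_global, inside_local) for each translation line."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "Pro":
            continue  # header or blank line
        proto, inside_global, inside_local = fields[0], fields[1], fields[2]
        if inside_global == "---" or inside_local == "---":
            continue  # placeholder columns carry no address to check
        rows.append((proto, _strip_port(inside_global), _strip_port(inside_local)))
    return rows


def check_policy(text, host, dedicated_ip):
    """Report translations that violate 'host <-> dedicated_ip, nobody else'."""
    host = ipaddress.ip_address(host)
    dedicated_ip = ipaddress.ip_address(dedicated_ip)
    leaked = []  # host translated through some other inside-global address
    shared = []  # another inside host using the dedicated address
    for proto, inside_global, inside_local in parse_translations(text):
        if inside_local == host and inside_global != dedicated_ip:
            leaked.append((proto, str(inside_global)))
        if inside_local != host and inside_global == dedicated_ip:
            shared.append((proto, str(inside_local)))
    return {"leaked": leaked, "shared": shared, "ok": not leaked and not shared}


if __name__ == "__main__":
    print(check_policy(SAMPLE, "10.0.0.168", "203.44.44.44"))
```

Paste the real command output in place of SAMPLE; an empty leaked and shared list means the route-map, pool and ACL deny are all taking effect.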
