NAT Multicast question

I want to know if it is possible to NOT translate the multicasting from address 172.24.2.34 but at the same time translate the unicast portion.

I have some hosts that require the multicast stream to show the source address of 172.24.2.34 but at the same time, I need to be able to use NAT to get to the Internet for the rest of the address.

Any help would be appreciated. I've been checking over Cisco's site and haven't found out whether or not this is even possible or if there is a specific name for what I am trying to do.

Thanks, Travis

Reply to
tsvanduyn

You did not mention the platform or software revision.

Generally speaking, this sounds like a job for a policy nat.

You would use two nat translations, the first of which translated 172.24.2.34 to itself if an ACL was matched, with the ACL being something along the lines of

access-list 100 permit ip host 172.24.2.34 224.0.0.0 15.255.255.255
access-list 100 permit ip host 172.24.2.34 240.0.0.0 0.255.255.255

(or, better yet, restrict the ACL to matching only the multicast range that you will actually use.)

The second ACL, for the second policy nat, could be

access-list 100 permit ip host 172.24.2.34 any

because all the traffic that was not to be natted would already have been diverted by the first nat.

Reply to
Walter Roberson

Actually you should not need to use NAT to translate 172.24.2.34 to itself because any packets that don't meet the NAT criteria (as specified by the ACL or route map or the static translation) will be routed without any translation. So, all you need is an ACL that has one entry to deny any flows from 172.24.2.34 to the multicast groups you have and another one to allow 172.24.2.34 to any destination addresses (in that order). Then use that ACL directly in the "ip nat inside source list" command or use it via a route-map. That will cause only flows from 172.24.2.34 not destined to any multicast addresses to be NATed.

Note that if you are using static translation right now using "ip nat inside source static", you don't necessarily have to switch to using dynamic translation using ACLs or route maps. In more recent images there is now the ability to use route maps in conjunction with static NAT to achieve what you want. Here is the link for that feature in case you are using static NAT and need to use this

formatting link
Cisco da Gama

Reply to
ciscodagama

Thanks for your reply. I was able to try what you said and found out what I was doing wrong. I used tcp and udp in the statement access-list 100 permit UDP .... instead of access-list 100 permit IP. I should have been using IP the whole time. Thank you again for your assistance.

Reply to
tsvanduyn
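
The ACL ordering ciscodagama describes and the protocol-keyword mistake tsvanduyn reports, modelled as an added example that is not part of any post in this thread: a simplified Python model of first-match ACL evaluation, assuming the IOS-router behaviour described above (traffic the NAT list does not permit is routed untranslated). The group 239.1.1.1, the destination 198.51.100.10 and all function names are constructed for illustration.

```python
import ipaddress

# Simplified model of an extended ACL used as a NAT match list.
# Assumption: IOS-router semantics from the thread (no match = routed, not NATed).
INSIDE_HOST = "172.24.2.34"      # source address from the thread
MCAST = "224.0.0.0/4"            # same range as 224.0.0.0 15.255.255.255

def acl(proto_deny="ip", proto_permit="ip"):
    """Ordered entries: (action, protocol, source host, destination network)."""
    return [
        ("deny", proto_deny, INSIDE_HOST, MCAST),           # keep multicast untranslated
        ("permit", proto_permit, INSIDE_HOST, "0.0.0.0/0"),  # NAT everything else
    ]

def is_translated(entries, proto, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, e_proto, e_src, e_dst in entries:
        if e_proto not in ("ip", proto):   # "ip" matches every IP protocol
            continue
        if src != e_src:
            continue
        if ipaddress.ip_address(dst) in ipaddress.ip_network(e_dst):
            return action == "permit"
    return False

# Constructed sample flows: (protocol, source, destination)
FLOWS = [
    ("udp", INSIDE_HOST, "239.1.1.1"),       # multicast stream
    ("tcp", INSIDE_HOST, "198.51.100.10"),   # unicast to the Internet
    ("icmp", INSIDE_HOST, "198.51.100.10"),  # ping to the Internet
]

def report(entries):
    """Return, per sample flow, whether the NAT list selects it for translation."""
    return [is_translated(entries, *flow) for flow in FLOWS]

if __name__ == "__main__":
    print("deny/permit with ip :", report(acl()))
    print("entries written udp :", report(acl("udp", "udp")))
    print("permit listed first :", report(list(reversed(acl()))))
```

With `ip` entries in deny-then-permit order only the unicast flows are selected for NAT; entries written with `udp` leave the TCP and ICMP flows untranslated, and listing the permit first causes the multicast stream to be translated as well.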

There were at least two responses; which one are you referring to when you say "what you said"? Please include context in replies so that readers know what you're talking about. Since you use Google Groups, see:

formatting link

Reply to
Barry Margolin

That depends on what the original poster's platform is, which was unspecified. If it is PIX 6.3, then Cisco indicates that you must not mix a static NAT and a policy NAT for the same IP. In PIX 6.x, packets that do not meet any static or NAT will be dropped, not routed.

Reply to
Walter Roberson

Thanks for the clarification. I was assuming this was a Cisco router running IOS. I am not familiar with the PIX and so that possibility did not occur to me at all!

Cisco da Gama


Reply to
ciscodagama
