Configuring NAT for Overlapping Addresses

Configuring NAT for overlapping address translation is similar to configuring dynamic NAT. The difference is you must create and apply a pool of IP addresses for the traffic to the inside of the network, as well as a pool for the outbound traffic. You still need to create an access list to identify the traffic to NAT, but you need to create a second pool. Then you need to use the ip nat outside source command to tie the access list and second pool to NAT traffic coming from the outside interface. The syntax is the same for ip nat outside source as it is for ip nat inside source:

    ip nat outside source list acc-list pool pool-name

The following illustrates the commands used for configuring NAT for overlapping addresses:

    Border(config)#access-list 12 permit 10.1.1.0 0.0.0.255
    Border(config)#ip nat pool INSIDEPOOL 200.1.1.2 200.1.1.254 netmask 255.255.255.0
    Border(config)#ip nat pool OUTSIDEPOOL 10.1.2.1 10.1.2.254 prefix-length 24
    Border(config)#ip nat inside source list 12 pool INSIDEPOOL
    Border(config)#ip nat outside source list 12 pool OUTSIDEPOOL
    Border(config)#

The effect of this configuration is that any outbound packet with an inside local address in the 10.1.1.0 subnet will be translated to an address from the inside global range of 200.1.1.2 to 200.1.1.254. This will make sure that no 10.1.1.0 addresses make it off of the inside network, thus avoiding any conflicts with the outside overlapping network.

Conversely, any inbound packet with an outside global address that is found to be a duplicate of the inside local subnet 10.1.1.0 will be translated to an outside local address in the range 10.1.2.1 to 10.1.2.254, thus avoiding any conflict with inside local address space.
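
The two translations described above can be traced with a small model of the Border router's NAT table. This is an added example, not code from the original text; the `Pool` and `Border` classes, the first-free allocation order and the destination address 198.51.100.9 are assumptions made for illustration, and ports, timeouts and routing are left out.

```python
import ipaddress

ACL12 = ipaddress.ip_network("10.1.1.0/24")  # access-list 12 permit 10.1.1.0 0.0.0.255

class Pool:
    """Dynamic one-to-one pool; handing out the first unused address is an assumed policy."""
    def __init__(self, first, last):
        self.next_free = int(ipaddress.ip_address(first))
        self.last = int(ipaddress.ip_address(last))
        self.fwd, self.back = {}, {}   # original -> translated, translated -> original

    def translate(self, addr):
        if addr not in self.fwd:
            if self.next_free > self.last:
                raise RuntimeError("NAT pool exhausted")
            new = ipaddress.ip_address(self.next_free)
            self.next_free += 1
            self.fwd[addr], self.back[new] = new, addr
        return self.fwd[addr]

class Border:
    """Hypothetical model of the Border router's two NAT rules."""
    def __init__(self):
        self.inside = Pool("200.1.1.2", "200.1.1.254")   # INSIDEPOOL
        self.outside = Pool("10.1.2.1", "10.1.2.254")    # OUTSIDEPOOL

    def outbound(self, src, dst):
        """Packet entering the inside interface; returns (src, dst) as sent outside."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in ACL12:                         # ip nat inside source list 12
            src = self.inside.translate(src)     # inside local -> inside global
        dst = self.outside.back.get(dst, dst)    # outside local -> outside global
        return str(src), str(dst)

    def inbound(self, src, dst):
        """Packet entering the outside interface; returns (src, dst) as seen inside."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in ACL12:                         # ip nat outside source list 12
            src = self.outside.translate(src)    # outside global -> outside local
        dst = self.inside.back.get(dst, dst)     # inside global -> inside local
        return str(src), str(dst)

def demo():
    r = Border()
    return [
        r.outbound("10.1.1.5", "198.51.100.9"),  # inside host opens a session (constructed)
        r.inbound("10.1.1.5", "200.1.1.2"),      # outside host with the duplicate address
        r.outbound("10.1.1.5", "10.1.2.1"),      # inside host replies to it
    ]
```

In the second and third packets both hosts are really 10.1.1.5, yet each side only ever sees the other through a pool address, which is the conflict avoidance the text describes.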