In my previous post, Router URL Filtering using NBAR, I explained how it was possible to block users from accessing websites simply by using NBAR, a class-map and a policy-map.

In this post I’ll describe how you can redirect your users’ web requests instead of simply blocking them. This time we’ll use NAT instead of NBAR.

For this example, let’s say you’d prefer everyone on your network to use Google instead of Yahoo, so every time someone goes to, they’ll be re directed to

To do this, you’ll need to obtain the web server IP addresses for both Yahoo and Google. This can be done easily enough with a ping:

Pinging [] with 32 bytes of data:
Pinging [] with 32 bytes of data:

Now all we’ll need to do is put these two IP addresses in to a single NAT entry and we’re done, like so:

ip nat outside source static

As mentioned in previous post however, using IP addresses instead of domain names is not ideal as large websites such as Google, YouTube, etc, use multiple IP addresses for their websites and therefore the above method will not get you a 100% success rate.

As always, if you have any questions or have a topic that you would like me to discuss, please feel free to post a comment at the bottom of this blog entry, e-mail at, or drop me a message on Reddit (OzNetNerd).

Note: The opinions expressed in this blog are my own and not those of my employer.

Leave a comment