https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219601#M112584 <P>my company wants to have it's cake and eat it too. we are migrating an application from a legacy host system to a new host system. at a remote site, we want some users to telnet to the legacy ip address (244) and be redirected to the new ip address (144). we also want some users at the same remote site to be able to telnet directly to the new host system (144). if i implement a simple ip nat static, the first part (redirection) works fine but the second part (direct connect) fails. I understand why this is happening, but how do i get around it?</P><P></P><P></P><P>site A - subnet 172.20.14.0/24</P><P>host legacy 172.20.14.244</P><P>host new 172.20.14.144</P><P></P><P>remote site b - subnet 172.20.160.0/24</P><P>host joe 172.20.160.21</P> Mon, 04 Mar 2019 12:23:09 GMT cmccready 2019-03-04T12:23:09Z https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219601#M112584 <P>my company wants to have it's cake and eat it too. we are migrating an application from a legacy host system to a new host system. at a remote site, we want some users to telnet to the legacy ip address (244) and be redirected to the new ip address (144). we also want some users at the same remote site to be able to telnet directly to the new host system (144). if i implement a simple ip nat static, the first part (redirection) works fine but the second part (direct connect) fails. I understand why this is happening, but how do i get around it?</P><P></P><P></P><P>site A - subnet 172.20.14.0/24</P><P>host legacy 172.20.14.244</P><P>host new 172.20.14.144</P><P></P><P>remote site b - subnet 172.20.160.0/24</P><P>host joe 172.20.160.21</P> Mon, 04 Mar 2019 12:23:09 GMT https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219601#M112584 cmccready 2019-03-04T12:23:09Z https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219602#M112585 <HTML><HEAD></HEAD><BODY><P>Would putting an deny to those ip you wish to exclude from your nat access-list do the job?</P></BODY></HTML> Thu, 16 Apr 2009 01:52:17 GMT https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219602#M112585 connect2world 2009-04-16T01:52:17Z https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219603#M112586 <HTML><HEAD></HEAD><BODY><P>not sure ... I thought that the deny would be implied and that only the 'permit'-d addresses would be nat'd</P><P></P><P>i tested a new set of configs today and was able to get direct traffic to avoid the nat by policy-routing it out another interface. it's ugly but it works</P></BODY></HTML> Thu, 16 Apr 2009 23:28:28 GMT https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219603#M112586 cmccready 2009-04-16T23:28:28Z https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219604#M112587 <HTML><HEAD></HEAD><BODY><P>Yes you are correct.I have not thought of that! You could have assign ip address to those device which need direct connection, out of the nating access-list range. This way I think might also achieve what you need.</P></BODY></HTML> Fri, 17 Apr 2009 01:05:40 GMT https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219604#M112587 connect2world 2009-04-17T01:05:40Z https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219605#M112588 <HTML><HEAD></HEAD><BODY><P></P><P>Router# show proce cpu</P><P>CPU utilization for five seconds: 2%/0%; one minute: 5%; five minutes: 5%</P><P> </P><P></P><P></P><P></P></BODY></HTML> Fri, 17 Apr 2009 05:53:44 GMT https://community.cisco.com/t5/routing-and-sd-wan/nat-in-ios-static-but-bypass-for-direct-access/m-p/1219605#M112588 daybreak001 2009-04-17T05:53:44Z