NAT

gousers99 · ‎03-14-2006

Can a range of IPs be excuded from NAT?

pkhatri · ‎03-14-2006

It certainly can. When you configure NAT, you can specify an access-list that includes all addresses that you want translated. Anything outside of this range will NOT be translated.

Hope that helps - pls rate the post if it does.

Paresh

gousers99 · ‎03-14-2006

I think I follow.

Below is our setup. What we'd like to do is have range 192.168.20.0 - 192.168.22.0 exluded from NAT.

Thanks.

interface Vlan10

description UMC

ip address 192.168.10.254 255.255.0.0

ip nat inside

interface Vlan199

description INET

ip address 172.16.1.254 255.255.255.0

ip nat outside

ip nat pool ovrld 192.168.10.1 192.168.10.1 prefix-length 24

ip nat inside source list 7 pool ovrld overload

pkhatri · ‎03-14-2006

You can use the following to achieve that -

access-list 7 deny 192.168.20.0 0.0.0.255

access-list 7 deny 192.168.21.0 0.0.0.255

access-list 7 deny 192.168.22.0 0.0.0.255

access-list 7 permit any

That should do it...

Hope that helps - pls rate the post if it does.

Paresh

gousers99 · ‎03-14-2006

Is this going to block the IPs altogether?

I don't want to block them, I just need them to not be NATed.

Thanks for your replies

pkhatri · ‎03-14-2006

Hi,

That access-list (number 7) will only impact what gets NATed - it will still allow all traffic through, it just won't NAT it.

Hope that helps - pls rate the post if it does.

Paresh

jackko · ‎03-14-2006

ip nat inside source route-map nonat interface overload

access-list 101 deny ip host 192.168.1.1 any

access-list 101 deny ip host 192.168.1.2 any

access-list 101 deny ip host 192.168.1.3 any

access-list 101 deny ip host 192.168.1.4 any

access-list 101 deny ip host 192.168.1.5 any

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

route-map nonat permit 10

match ip address 101