Exclude one IP from nat pool

newtwork1
Level 1

Is there a way to exclude one address in the middle of the range from the NAT pool? When I create 2 pools eliminating the excluded IP in the middle, and apply both pools to the same ACL, the second "ip nat inside" statement rewrites the previous statement.

In the example below I'm trying to exclude 1.1.1.6

ip access-list ext NAT_Allow
 permit ip 192.168.0.0 0.0.0.255 any
ip nat pool Eagle0 1.1.1.1 1.1.1.5 prefix-length 24
ip nat pool Eagle1 1.1.1.7 1.1.1.250 prefix-length 24
ip nat inside source list NAT_Allow pool Eagle0
ip nat inside source list NAT_Allow pool Eagle1 <--When I do this the IP NAT INSIDE statement gets rewritten to Eagle1 and Eagle0 is removed

Thanks for the help

Newt


ajay chauhan
Level 7

Not sure about excluding one IP but might be you are looking for this.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

Thanks

Ajay

Ajay,

Thanks for the reply, but I don't think that will work. Using route-maps I could map two ACLs to one pool, but I'm looking to map two pools to one ACL (or exclude the single IP from the NAT pool range).

From what I've found, I will probably have to split the pool up and create two ACLs. One ACL for each side of the IP I can't use. I'm sure this is an uncommon scenario, but I would think there would be a command like the IP DHCP EXCLUDE.

Thanks for the response

Newt

Hi,

Try this:

ip nat inside source list NAT_Allow1 pool Eagle0

ip nat inside source list NAT_Allow2 pool Eagle1

and create 2 ACLs for the natting instead of 1, splitting your inside hosts in 2

Regards.

Alain.

Don't forget to rate helpful posts.
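
The two-ACL split suggested in the reply above, written out as an added example that is not part of the original thread. The pool names and ranges come from the question; the boundary used to divide the inside hosts (192.168.0.0 through 192.168.0.7 versus the rest of the /24) is an assumption chosen for illustration.

```cisco
! Added example, not from the original posts.
! Assumes the inside and outside interfaces are already marked with
! "ip nat inside" / "ip nat outside".
!
! First group of inside hosts (assumed split): 192.168.0.0 - 192.168.0.7
ip access-list extended NAT_Allow1
 permit ip 192.168.0.0 0.0.0.7 any
!
! Everything else in 192.168.0.0/24. The deny keeps the two ACLs from
! overlapping, so a given host can only ever match one NAT statement.
ip access-list extended NAT_Allow2
 deny   ip 192.168.0.0 0.0.0.7 any
 permit ip 192.168.0.0 0.0.0.255 any
!
! Pools on either side of the excluded address 1.1.1.6
ip nat pool Eagle0 1.1.1.1 1.1.1.5 prefix-length 24
ip nat pool Eagle1 1.1.1.7 1.1.1.250 prefix-length 24
!
! Each statement references a different ACL, so the second one is added
! alongside the first instead of replacing it.
ip nat inside source list NAT_Allow1 pool Eagle0
ip nat inside source list NAT_Allow2 pool Eagle1
!
! Without "overload", each pool address serves one inside host at a time:
! Eagle0 can translate at most five hosts from NAT_Allow1 concurrently.
```

Size each ACL's host range to the pool behind it, since hosts matched by NAT_Allow1 never borrow addresses from Eagle1. `show ip nat translations` confirms which pool address each inside host received and that 1.1.1.6 is never handed out.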