04-15-2009 05:56 PM - edited 03-04-2019 04:23 AM
my company wants to have it's cake and eat it too. we are migrating an application from a legacy host system to a new host system. at a remote site, we want some users to telnet to the legacy ip address (244) and be redirected to the new ip address (144). we also want some users at the same remote site to be able to telnet directly to the new host system (144). if i implement a simple ip nat static, the first part (redirection) works fine but the second part (direct connect) fails. I understand why this is happening, but how do i get around it?
site A - subnet 172.20.14.0/24
host legacy 172.20.14.244
host new 172.20.14.144
remote site b - subnet 172.20.160.0/24
host joe 172.20.160.21
04-15-2009 06:52 PM
Would putting an deny to those ip you wish to exclude from your nat access-list do the job?
04-16-2009 04:28 PM
not sure ... I thought that the deny would be implied and that only the 'permit'-d addresses would be nat'd
i tested a new set of configs today and was able to get direct traffic to avoid the nat by policy-routing it out another interface. it's ugly but it works
04-16-2009 06:05 PM
Yes you are correct.I have not thought of that! You could have assign ip address to those device which need direct connection, out of the nating access-list range. This way I think might also achieve what you need.
04-16-2009 10:53 PM
Router# show proce cpu
CPU utilization for five seconds: 2%/0%; one minute: 5%; five minutes: 5%
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide