Re: NAT in IOS static but bypass for direct access

cmccready · ‎04-15-2009

my company wants to have it's cake and eat it too. we are migrating an application from a legacy host system to a new host system. at a remote site, we want some users to telnet to the legacy ip address (244) and be redirected to the new ip address (144). we also want some users at the same remote site to be able to telnet directly to the new host system (144). if i implement a simple ip nat static, the first part (redirection) works fine but the second part (direct connect) fails. I understand why this is happening, but how do i get around it?

site A - subnet 172.20.14.0/24

host legacy 172.20.14.244

host new 172.20.14.144

remote site b - subnet 172.20.160.0/24

host joe 172.20.160.21

connect2world · ‎04-15-2009

Would putting an deny to those ip you wish to exclude from your nat access-list do the job?

cmccready · ‎04-16-2009

not sure ... I thought that the deny would be implied and that only the 'permit'-d addresses would be nat'd

i tested a new set of configs today and was able to get direct traffic to avoid the nat by policy-routing it out another interface. it's ugly but it works

connect2world · ‎04-16-2009

Yes you are correct.I have not thought of that! You could have assign ip address to those device which need direct connection, out of the nating access-list range. This way I think might also achieve what you need.

daybreak001 · ‎04-16-2009

Router# show proce cpu

CPU utilization for five seconds: 2%/0%; one minute: 5%; five minutes: 5%