Solved: NAT problem on Router - Page 2

sravesteijn · ‎11-10-2011

Hello,

I have a problem with configuring policy NAT on a Cisco router which has only one public IP address.

This IP address is used in a static NAT to allow the LAN firewall to connect to the internet.

This works okay.

Now the IP address 9.9.9.9 needs to connect to the real IP 198.10.20.1, so it must not be natted.

I have tried to accomplish this with a route-map but it doesn’t work.

Is there another way to make sure that these connection are not natted?

interface FastEthernet0/0

ip address 198.10.20.1 255.255.255.252

ip nat outside

!

interface FastEthernet0/1

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

ip route 0.0.0.0 0.0.0.0 198.10.20.2

ip nat inside source static 192.168.1.10 198.10.20.1 route-map policy-nat

!

ip access-list standard no-nat

deny 9.9.9.9

permit any

!

route-map policy-nat permit 10

match ip address no-nat

Latchum Naidu · ‎11-11-2011

Hi,

I have observed that the problem here is your global NAT IP and your static NAT IP's are same.
Change your global NAT and then try to keep only a single nat statement like i gave in my previous post.

Please rate the helpfull posts.
Regards,
Naidu.

sravesteijn · ‎11-11-2011

Hi Naidu,

Yes but I wil need 2 public IP addresses for that.

This consumer ADSL line only gets one IP address.

I guess there is no other solution for this problem on Cisco routers when having only a single public IP address.

I know it can be done with the ASA firewall which has more advanced natting capabilities.

Latchum Naidu · ‎11-11-2011

Hi,

That was giving me the same thought.

Please rate the helpfull posts.
Regards,
Naidu.

sravesteijn · ‎11-11-2011

Thanks for your help on this matter!