11-10-2011 12:56 AM - edited 03-04-2019 02:13 PM
Hello,
I have a problem with configuring policy NAT on a Cisco router which has only one public IP address.
This IP address is used in a static NAT to allow the LAN firewall to connect to the internet.
This works okay.
Now the IP address 9.9.9.9 needs to connect to the real IP 198.10.20.1, so it must not be natted.
I have tried to accomplish this with a route-map but it doesn’t work.
Is there another way to make sure that these connections are not natted?
interface FastEthernet0/0
 ip address 198.10.20.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 198.10.20.2
ip nat inside source static 192.168.1.10 198.10.20.1 route-map policy-nat
!
ip access-list standard no-nat
 deny 9.9.9.9
 permit any
!
route-map policy-nat permit 10
 match ip address no-nat
11-11-2011 04:02 AM
Hi,
I have observed that the problem here is that your global NAT IP and your static NAT IPs are the same.
Change your global NAT and then try to keep only a single NAT statement like I gave in my previous post.
Please rate the helpful posts.
Regards,
Naidu.
11-11-2011 04:40 AM
Hi Naidu,
Yes, but I will need 2 public IP addresses for that.
This consumer ADSL line only gets one IP address.
I guess there is no other solution for this problem on Cisco routers when having only a single public IP address.
I know it can be done with the ASA firewall which has more advanced natting capabilities.
11-11-2011 04:57 AM
Hi,
That was giving me the same thought.
Please rate the helpful posts.
Regards,
Naidu.
11-11-2011 06:07 AM
Thanks for your help on this matter!