NAT problem on Router

sravesteijn
Level 1

Hello,

I have a problem with configuring policy NAT on a Cisco router which has only one public IP address.

This IP address is used in a static NAT to allow the LAN firewall to connect to the internet.

This works okay.

Now the IP address 9.9.9.9 needs to connect to the real IP 198.10.20.1, so it must not be natted.

I have tried to accomplish this with a route-map but it doesn’t work.

Is there another way to make sure that these connections are not natted?

interface FastEthernet0/0
 ip address 198.10.20.1 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 198.10.20.2
ip nat inside source static 192.168.1.10 198.10.20.1 route-map policy-nat
!
ip access-list standard no-nat
 deny   9.9.9.9
 permit any
!
route-map policy-nat permit 10
 match ip address no-nat

18 Replies

Hi,

I have observed that the problem here is that your global NAT IP and your static NAT IPs are the same.
Change your global NAT and then try to keep only a single NAT statement like I gave in my previous post.


Please rate the helpful posts.
Regards,
Naidu.

Hi Naidu,

Yes, but I will need 2 public IP addresses for that.

This consumer ADSL line only gets one IP address.

I guess there is no other solution for this problem on Cisco routers when having only a single public IP address.

I know it can be done with the ASA firewall which has more advanced natting capabilities.

Hi,

That was giving me the same thought.


Please rate the helpful posts.
Regards,
Naidu.

Thanks for your help on this matter!