cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
639
Views
0
Helpful
2
Replies

Static one to one translation issues

Hi,

I have a router with a static one to one translation. Example below:

ip nat inside source static 192.168.3.200 87.77.77.77

This works fine as expected. My issue is that I have a VPN going to this particular router from a 192.168.1.x range. They need access to the "192.168.3.200" IP address but due to the static translation they cannot get to it. They effectivly have to bypass the VPN and go to the public IP instead.

Is there a way to setup the static translation so people coming from the "192.168.3.200" will ignore it?

Thanks

Andy

1 Accepted Solution

Accepted Solutions

Eduardo Aliaga
Level 4
Level 4

Hello. You should use a "route-map" specifying what traffic will trigger the NAT.

For example :

ip nat inside source static 192.168.3.200 87.77.77.77 route-map NAT

ip access-list extended NAT-ACL

  deny ip host 192.168.3.200 192.168.1.0 0.0.0.255 <<< means do not NAT when 192.168.3.200 goes to 192.168.1.x

  permit ip host 192.168.3.200 any

  deny ip any any

route-map NAT permit 10

  match ip address NAT-ACL

You will find more examples here https://supportforums.cisco.com/docs/DOC-5061

Please rate if it helps. Kind regards

View solution in original post

2 Replies 2

Eduardo Aliaga
Level 4
Level 4

Hello. You should use a "route-map" specifying what traffic will trigger the NAT.

For example :

ip nat inside source static 192.168.3.200 87.77.77.77 route-map NAT

ip access-list extended NAT-ACL

  deny ip host 192.168.3.200 192.168.1.0 0.0.0.255 <<< means do not NAT when 192.168.3.200 goes to 192.168.1.x

  permit ip host 192.168.3.200 any

  deny ip any any

route-map NAT permit 10

  match ip address NAT-ACL

You will find more examples here https://supportforums.cisco.com/docs/DOC-5061

Please rate if it helps. Kind regards

Thanks Eduardo,

That did the trick. Much appreciated

Review Cisco Networking for a $25 gift card