02-28-2012 06:09 AM - edited 03-07-2019 05:14 AM
Hi,
I have a router with a static one to one translation. Example below:
ip nat inside source static 192.168.3.200 87.77.77.77
This works fine as expected. My issue is that I have a VPN going to this particular router from a 192.168.1.x range. They need access to the "192.168.3.200" IP address but due to the static translation they cannot get to it. They effectivly have to bypass the VPN and go to the public IP instead.
Is there a way to setup the static translation so people coming from the "192.168.3.200" will ignore it?
Thanks
Andy
Solved! Go to Solution.
03-04-2012 10:01 PM
Hello. You should use a "route-map" specifying what traffic will trigger the NAT.
For example :
ip nat inside source static 192.168.3.200 87.77.77.77 route-map NAT
ip access-list extended NAT-ACL deny ip host 192.168.3.200 192.168.1.0 0.0.0.255 <<< means do not NAT when 192.168.3.200 goes to 192.168.1.x permit ip host 192.168.3.200 any deny ip any any
route-map NAT permit 10 match ip address NAT-ACL |
You will find more examples here https://supportforums.cisco.com/docs/DOC-5061
Please rate if it helps. Kind regards
03-04-2012 10:01 PM
Hello. You should use a "route-map" specifying what traffic will trigger the NAT.
For example :
ip nat inside source static 192.168.3.200 87.77.77.77 route-map NAT
ip access-list extended NAT-ACL deny ip host 192.168.3.200 192.168.1.0 0.0.0.255 <<< means do not NAT when 192.168.3.200 goes to 192.168.1.x permit ip host 192.168.3.200 any deny ip any any
route-map NAT permit 10 match ip address NAT-ACL |
You will find more examples here https://supportforums.cisco.com/docs/DOC-5061
Please rate if it helps. Kind regards
03-06-2012 04:59 AM
Thanks Eduardo,
That did the trick. Much appreciated
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide