static NAT with route map to exclude VPN

tato386
Level 6

We are having problems accessing some static NATted IPs over a VPN.  After doing some research, we learned you need to exclude traffic destined for the VPN from the static NAT using a route-map. So we did this:

10.1.1.x is the VPN IP pool.

access-list 130 deny   ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 any

route-map nonat permit 10
match ip address 130

ip nat inside source static 192.168.1.5 1.1.1.1 route-map nonat

The above worked to fix the VPN issue but the 192.168.1.5 IP is no longer available publicly via 1.1.1.1.  What seems to happen is that the static NAT is not really working and this IP is being NATted with the PAT IP.

Any ideas on how to get this to work?

Thanks,
Diego

Accepted Solutions

Laurent Aubert
Cisco Employee

Hi,

The following example details exactly your case:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

Try replacing the 192.168.1.0 subnet with the host address.

It should work.

HTH

Laurent.

3 Replies

Thanks for the link.  Will try and let you know.

Rgds,

Diego

Got it working!  Thanks for the link.

Diego