Nat 0 problem

Answered Question
Jun 11th, 2007

Hi,


nat (inside) 1 access-list internet
global (outside) 1 interface
nat (inside) 0 access-list no_nat

access-list internet permit ip object-group internet any
Object-group network internet
 host 10.10.1.1

access-list no_nat permit ip object-group no_nat any
Object-group network no_nat
 network 10.10.1.0

static (inside,outside) 192.168.1.1 10.10.1.1



I need a static translation for IP 10.10.1.1, because remote users want to connect to that server's TCP ports (22, 80).

But I can't do that because IP 10.10.1.1 belongs to the pool 10.10.1.0, which is specified in nat 0. And as far as I know, nat 0 has higher priority than dynamic and static NAT. I also can't remove 10.10.1.0 from nat 0. So what alternative solution is there in this case?

Thanks a lot.

anandramapathy Mon, 06/11/2007 - 02:18

Why do you want nat (inside) 0 access-list no_nat?


Leo_Stobbe Mon, 06/11/2007 - 02:33

Because I have the router which is performing the NAT.

Correct Answer
acomiskey Mon, 06/11/2007 - 04:58

I think this will do it...

access-list no_nat deny ip host 10.10.1.1 any
access-list no_nat permit ip object-group no_nat any
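
The effect of entry order in the answer above, as an added example that is not part of the original thread: a minimal first-match evaluator for the no_nat ACL, run against the original list, the suggested list, and the same two entries in the opposite order. It assumes 10.10.1.0 is a /24 (the thread gives no mask); the function and variable names are hypothetical.

```python
import ipaddress

# Assumption: the thread writes "network 10.10.1.0" without a mask; /24 is assumed.
OBJECT_GROUPS = {"no_nat": [ipaddress.ip_network("10.10.1.0/24")]}


def parse_ace(line):
    """Parse 'access-list NAME permit|deny ip <src> any' into (action, networks)."""
    tok = line.split()
    if len(tok) != 7 or tok[0] != "access-list" or tok[3] != "ip" or tok[6] != "any":
        raise ValueError("unsupported entry: " + line)
    if tok[2] not in ("permit", "deny"):
        raise ValueError("unknown action: " + tok[2])
    if tok[4] == "host":
        nets = [ipaddress.ip_network(tok[5] + "/32")]
    elif tok[4] == "object-group":
        nets = OBJECT_GROUPS[tok[5]]
    else:
        raise ValueError("unsupported source: " + tok[4])
    return tok[2], nets


def nat_exempt(acl_lines, src):
    """Return True if src is exempted from NAT by the nat 0 ACL.

    Entries are checked top to bottom and the first match decides.
    No match at all means the implicit deny applies (not exempt).
    """
    addr = ipaddress.ip_address(src)
    for line in acl_lines:
        action, nets = parse_ace(line)
        if any(addr in net for net in nets):
            return action == "permit"
    return False


# ACL as posted in the question.
ORIGINAL = ["access-list no_nat permit ip object-group no_nat any"]
# ACL as suggested in the answer: deny for the server first, then the permit.
FIXED = ["access-list no_nat deny ip host 10.10.1.1 any",
         "access-list no_nat permit ip object-group no_nat any"]
# Constructed case: the same two entries with the deny below the permit.
DENY_LAST = list(reversed(FIXED))

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED), ("deny last", DENY_LAST)):
        print(name, {ip: nat_exempt(acl, ip) for ip in ("10.10.1.1", "10.10.1.2")})
```

With the deny entry first, 10.10.1.1 is no longer exempted and the rest of 10.10.1.0 still is; with the deny below the permit, the permit matches first and the server stays exempt.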
