Nat 0 problem

Answered Question
Jun 11th, 2007

Hi,

nat (inside) 1 access-list internet

global (outside) 1 interface

nat (inside) 0 access-list no_nat

access-list internet permit ip object-group internet any

Object-group network internet

host 10.10.1.1

access-list no_nat permit ip object-group no_nat any

Object-group network no_nat

network 10.10.1.0

static (inside,outside) 192.168.1.1 10.10.1.1

I need a static translation for ip 10.10.1.1. Because remote users want to connect to that server's tcp ports (22,80)

But i can't do that because ip 10.10.1.1 belongs to pool 10.10.1.0, which is indicated in nat 0. And as i know Nat 0 has highest priority than dynamic and static nat. I can't remove 10.10.1.0 from nat 0 also. So what alternate solution can be in this case?

thanks a lot.

I have this problem too.
0 votes
Correct Answer by acomiskey about 9 years 6 months ago

I think this will do it...

access-list no_nat deny ip host 10.10.1.1 any

access-list no_nat permit ip object-group no_nat any

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
acomiskey Mon, 06/11/2007 - 04:58

I think this will do it...

access-list no_nat deny ip host 10.10.1.1 any

access-list no_nat permit ip object-group no_nat any

Actions

This Discussion