10-29-2007 11:45 PM - edited 03-03-2019 05:32 AM
ip nat pool nl_nat_pool 213.200.151.169 213.200.151.169 netmask 255.255.255.240
ip nat pool el_nat_pool 124.170.225.105 124.170.225.105 netmask 255.255.255.240
ip nat inside source route-map EL pool el_nat_pool overload
ip nat inside source route-map NL pool nl_nat_pool overload
--------------------------------------------------------------------------------
ip nat inside applied on internal network interface.
--------------------------------------------------------------------------------
Hello folks,
See the configuration above; we have 2 WAN interfaces and all the internal traffic is NATed here to access the Internet.
My current scenario is this: I don't want some internal IPs towards a particular destination NATed here.
I.e., say we have 5 VLANs.
192.168.2.0
192.168.3.0
192.168.4.0
192.168.5.0
192.168.6.0
All are overloaded at the WAN interface; now I want to exclude some IPs in VLAN 2 (192.168.3.0) from overloading. (This is for a site-to-site VPN.) Do you people have any idea about this?
Anith.
10-30-2007 12:21 AM
The following example allows only IPs .10 and .192-.199 to be NATed for Internet access:
ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 10.70.200.10
access-list 1 permit 10.70.200.192 0.0.0.7
You may have to modify your access-lists to accommodate this, but in general this is a solution to allow or disallow NAT for certain addresses.
regards,
Leo
10-30-2007 01:11 AM
Thanks Leo, I closed the other links.
And did you mean my inside access list? No access list, you know.
*****
interface FastEthernet0/0
ip address 192.168.10.100 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
*****
ip access-list standard RMED_LAN
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
permit 192.168.10.0 0.0.0.255
permit 192.168.15.0 0.0.0.255
****
route-map NL permit 10
description ***** To NL ******
match ip address RMED_LAN
match interface FastEthernet0/1/0
!
route-map EL permit 10
description ***** To el *****
match ip address RMED_LAN
match interface FastEthernet0/3/0
*****
anith
10-30-2007 01:20 AM
From what I understood of your config, you are using a route map to allow NAT. Currently, all IPs in the subnets are allowed. This can be changed as follows:
ip access-list standard RMED_LAN
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.127
permit 192.168.2.192 0.0.0.7
permit 192.168.3.0 0.0.0.255
permit 192.168.10.0 0.0.0.255
permit 192.168.15.0 0.0.0.255
With this (example) change, only 192.168.2.0-127 and 192-199 are allowed for NAT.
Leo
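An added example, not part of the original posts: a small Python check that evaluates the RMED_LAN entries from the reply above with Cisco wildcard-mask semantics (first match wins, implicit deny at the end) and lists which hosts fall outside the ACL and are therefore never NATed by the route-maps. The function names are illustrative, and it assumes every entry has the form `action address [wildcard]`.

```python
import ipaddress

# ACL body copied from the reply above (standard ACL, wildcard masks).
RMED_LAN = """\
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.127
permit 192.168.2.192 0.0.0.7
permit 192.168.3.0 0.0.0.255
permit 192.168.10.0 0.0.0.255
permit 192.168.15.0 0.0.0.255
"""

def parse_acl(text):
    """Return [(action, base_int, wildcard_int)] for each ACL line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        action, addr = parts[0], parts[1]
        # A missing wildcard means a single host (wildcard 0.0.0.0).
        wildcard = parts[2] if len(parts) > 2 else "0.0.0.0"
        entries.append((action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def acl_permits(entries, host):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny."""
    h = int(ipaddress.IPv4Address(host))
    for action, base, wild in entries:
        care = ~wild & 0xFFFFFFFF  # bits that must match exactly
        if (h & care) == (base & care):
            return action == "permit"
    return False

def excluded_hosts(entries, network):
    """Hosts of `network` the ACL does not permit, i.e. not NATed."""
    net = ipaddress.ip_network(network)
    return [str(ip) for ip in net.hosts()
            if not acl_permits(entries, str(ip))]

if __name__ == "__main__":
    acl = parse_acl(RMED_LAN)
    skipped = excluded_hosts(acl, "192.168.2.0/24")
    print(f"{len(skipped)} hosts bypass NAT: {skipped[0]} .. {skipped[-1]}")
```

A standard ACL matches on source address only, so the hosts this reports are exempt from NAT toward every destination, not just toward the VPN peer.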
10-30-2007 04:38 AM
Great, it's working.