ACE with nonat

Answered Question
Apr 5th, 2008

Hello,

I have a static NAT configured on my ACE that translates an internal IP to an external IP, but I want the same internal IP to maintain its IP when destined to a certain network. It's the same concept that is used on PIX/ASA with a nonat rule (nat 0). Any ideas on how to accomplish this?

Here's my static NAT config:

class-map match-all cmap-static-10.20.1.10

2 match source-address 10.20.1.10 255.255.255.255

!

policy-map multi-match pmap-nat-vl4001

class cmap-static-10.20.1.10

nat static 5.5.5.5 netmask 255.255.255.255 vlan 501

!

interface vlan 4001

service-policy input pmap-nat-vl4001

Thanks,

Lee

I have this problem too.
0 votes
Correct Answer by Gilles Dufour about 8 years 8 months ago

Lee,

basically you need to change the match source-address into a match ACL and create an ACL that deny the destination ip for which you want no nating and permit the rest.

Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Gilles Dufour Mon, 04/07/2008 - 01:43

Lee,

basically you need to change the match source-address into a match ACL and create an ACL that deny the destination ip for which you want no nating and permit the rest.

Gilles.

I hate to drudge up an old post, but this sounds exactly like an issue I am researching and I was wondering if anyone could help expand on this.

I have a serverfarm that I want everyone to hit with NAT'd addresses except for two IP's, but when I attempt to add a "match access-list" the class-map (which already has a match virtual-address), I get an error that I can not add other match types.

class-map match-all VIP_HOST1

  2 match virtual-address 172.1.1.100 any

Basically I have a serverfarm (HOST1.domain.com) that has two rservers (10.1.1.101 and 10.1.1.102) that use VIP 172.1.1.100. I have two other servers (10.1.1.201 and 10.1.1.202) that will use the VIP of HOST1, but I do not wish for those two IP's to get NAT'd.

Thanks for any assistance!

Actions

This Discussion