Solved: ACE with nonat

lxcollin1 · ‎04-05-2008

Hello,

I have a static NAT configured on my ACE that translates an internal IP to an external IP, but I want the same internal IP to maintain its IP when destined to a certain network. It's the same concept that is used on PIX/ASA with a nonat rule (nat 0). Any ideas on how to accomplish this?

Here's my static NAT config:

class-map match-all cmap-static-10.20.1.10

2 match source-address 10.20.1.10 255.255.255.255

!

policy-map multi-match pmap-nat-vl4001

class cmap-static-10.20.1.10

nat static 5.5.5.5 netmask 255.255.255.255 vlan 501

!

interface vlan 4001

service-policy input pmap-nat-vl4001

Thanks,

Lee

Gilles Dufour · ‎04-07-2008

Lee,

basically you need to change the match source-address into a match ACL and create an ACL that deny the destination ip for which you want no nating and permit the rest.

Gilles.

View solution in original post

Gilles Dufour · ‎04-07-2008

Lee,

basically you need to change the match source-address into a match ACL and create an ACL that deny the destination ip for which you want no nating and permit the rest.

Gilles.

brian_nc · ‎11-29-2011

I hate to drudge up an old post, but this sounds exactly like an issue I am researching and I was wondering if anyone could help expand on this.

I have a serverfarm that I want everyone to hit with NAT'd addresses except for two IP's, but when I attempt to add a "match access-list" the class-map (which already has a match virtual-address), I get an error that I can not add other match types.

class-map match-all VIP_HOST1

2 match virtual-address 172.1.1.100 any

Basically I have a serverfarm (HOST1.domain.com) that has two rservers (10.1.1.101 and 10.1.1.102) that use VIP 172.1.1.100. I have two other servers (10.1.1.201 and 10.1.1.202) that will use the VIP of HOST1, but I do not wish for those two IP's to get NAT'd.

Thanks for any assistance!