Static NAT except for traffic from a certain subnet

Unanswered Question
Sep 3rd, 2008

I have a router that has a public IP address on its serial interface. I have a device on the private side that needs to have connections to the public IP address translated to it for port 1720 (H323) traffic.

However, I need to have traffic to port 1720 from a specific subnet not be translated so that the router can handle incoming H323 calls from our Callmanager system.

Is there a way to do this? The current NAT configuration is below:

ip nat inside source static tcp 1720 interface Serial0/0 1720

ip nat inside source route-map nonat interface Serial0/0 overload


access-list 102 deny ip

access-list 102 deny ip

access-list 102 permit ip any

access-list 102 permit ip any


route-map nonat permit 102

match ip address 102

Marwan ALshawi Wed, 09/03/2008 - 18:57
Your config looks OK. What's the problem with it?

Also, you might use a normal ACL blocking traffic based on source, destination and port number! Just an idea: if you can block, try an ACL and apply it on the right interface with the right direction as well.

Keep in mind you need permit ip any any at the end of the ACL because every ACL contains an implicit deny.

Good luck.

If helpful, rate.

pmccloud Thu, 09/04/2008 - 07:06

The connections, even from our Callmanager subnet, are still being NAT'd to the inside address for port 1720.

