Static NAT except for traffic from a certain subnet

Unanswered Question
Sep 3rd, 2008

I have a router that has a public IP address on its serial interface. I have a device on the private side that needs to have connections to the public IP address translated to it for port 1720 (H323) traffic.

However, I need to have traffic to port 1720 from a specific subnet not be translated so that the router can handle incoming H323 calls from our Callmanager system.

Is there a way to do this? The current NAT configuration is below:


ip nat inside source static tcp 10.40.0.49 1720 interface Serial0/0 1720
ip nat inside source route-map nonat interface Serial0/0 overload
!
access-list 102 deny ip 10.40.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 deny ip 10.20.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 10.40.0.0 0.0.0.255 any
access-list 102 permit ip 10.20.0.0 0.0.0.255 any
!
route-map nonat permit 102
 match ip address 102

Marwan ALshawi Wed, 09/03/2008 - 18:57

Your config looks OK. What's the problem with it?

Also, you might use a normal ACL blocking traffic based on source, destination and port number! Just an idea: if you can block, try an ACL and apply it on the right interface with the right direction as well.

Keep in mind you need permit ip any any at the end of the ACL because every ACL contains an implicit deny.

Good luck.

If helpful, rate.

pmccloud Thu, 09/04/2008 - 07:06

The connections, even from our Callmanager subnet, are still being NAT'd to the inside address for port 1720.
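
Added example, not part of the thread and not posted by either participant: a small Python model of how ACL 102 from the question is evaluated (wildcard masks, first match, implicit deny), showing which flows route-map nonat selects for the overload rule. The route-map is referenced only by the overload statement in the posted config; the sample addresses are constructed for illustration.

```python
import ipaddress

# ACL 102 as posted: (action, src, src wildcard, dst, dst wildcard).
# "any" is written out as 0.0.0.0 255.255.255.255.
ACL_102 = [
    ("deny",   "10.40.0.0", "0.0.0.255", "172.16.0.0", "0.0.0.255"),
    ("deny",   "10.20.0.0", "0.0.0.255", "172.16.0.0", "0.0.0.255"),
    ("permit", "10.40.0.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
    ("permit", "10.20.0.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must equal base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_decision(acl, src, dst):
    """Return (action, entry index) of the first matching entry."""
    for i, (action, s, sw, d, dw) in enumerate(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, i
    return "deny", None  # implicit deny: no entry matched

def overload_selected(src, dst):
    """True when route-map nonat (match ip address 102) selects the flow."""
    return acl_decision(ACL_102, src, dst)[0] == "permit"

# Constructed sample flows (source, destination) for illustration only.
SAMPLES = [
    ("10.40.0.49", "198.51.100.7"),  # inside host to an outside address
    ("10.40.0.49", "172.16.0.10"),   # inside host to the exempted subnet
    ("10.20.0.8",  "172.16.0.200"),  # second inside subnet to exempted subnet
    ("10.30.0.5",  "198.51.100.7"),  # source not listed in ACL 102
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        action, idx = acl_decision(ACL_102, src, dst)
        hit = "implicit deny" if idx is None else f"entry {idx + 1}"
        print(f"{src:>12} -> {dst:<14} {action:<6} ({hit})")
```
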
