09-03-2008 12:58 PM - edited 03-03-2019 11:23 PM
I have a router that has a public IP address on its serial interface. I have a device on the private side that needs to have connections to the public IP address translated to it for port 1720 (H323) traffic.
However, I need to have traffic to port 1720 from a specific subnet not be translated so that the router can handle incoming H323 calls from our Callmanager system.
Is there a way to do this? The current NAT configuration is below:
ip nat inside source static tcp 10.40.0.49 1720 interface Serial0/0 1720
ip nat inside source route-map nonat interface Serial0/0 overload
!
access-list 102 deny ip 10.40.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 deny ip 10.20.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 10.40.0.0 0.0.0.255 any
access-list 102 permit ip 10.20.0.0 0.0.0.255 any
!
route-map nonat permit 102
match ip address 102
09-03-2008 06:57 PM
Your config looks OK. What's the problem with it?
Also, you might use a normal ACL blocking traffic based on source, destination and port number! Just an idea: if you can block, try an ACL and apply it on the right interface with the right direction as well.
Keep in mind you need permit ip any any at the end of the ACL because every ACL contains an implicit deny.
Good luck.
If helpful, rate.
09-04-2008 07:06 AM
The connections, even from our Callmanager subnet, are still being NAT'd to the inside address for port 1720.
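An added sketch, not part of any post in this thread: a simplified Python model of the posted configuration, showing that ACL 102 (via route-map nonat) only selects inside-to-outside traffic for overload, while the static port entry has no source field to exempt a subnet. It assumes the usual IOS behaviour that a static port translation is looked up by protocol, global address and port only; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# ACL 102 as posted: (action, source, source wildcard, destination, destination wildcard)
ACL_102 = [
    ("deny",   "10.40.0.0", "0.0.0.255", "172.16.0.0", "0.0.0.255"),
    ("deny",   "10.20.0.0", "0.0.0.255", "172.16.0.0", "0.0.0.255"),
    ("permit", "10.40.0.0", "0.0.0.255", "any", None),
    ("permit", "10.20.0.0", "0.0.0.255", "any", None),
]

# Static port entry as posted. Note that its key contains no source address.
STATIC_PORT = {"proto": "tcp", "global_port": 1720,
               "local_ip": "10.40.0.49", "local_port": 1720}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def acl_permits(acl, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, s, s_wild, d, d_wild in acl:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action == "permit"
    return False

def outbound_overload(src, dst):
    """Inside-to-outside: route-map nonat (ACL 102) picks traffic for overload NAT."""
    return acl_permits(ACL_102, src, dst)

def inbound_translate(src, proto, dst_port):
    """Outside-to-inside packet addressed to the Serial0/0 address.

    Assumed lookup: protocol and global port only; src is accepted but never used,
    which is why a source subnet cannot be exempted by this entry.
    """
    if proto == STATIC_PORT["proto"] and dst_port == STATIC_PORT["global_port"]:
        return (STATIC_PORT["local_ip"], STATIC_PORT["local_port"])
    return None  # no translation: the router itself receives the packet

if __name__ == "__main__":
    # Constructed sources: one in 172.16.0.0/24, one documentation-range address.
    for src in ("172.16.0.5", "198.51.100.7"):
        print(src, "->", inbound_translate(src, "tcp", 1720))
```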
09-04-2008 08:18 AM
Do you have any other public addresses available for use instead of just the serial interface? Usually the provider will give you a small block to use. You can then have a static NAT dedicated to the system you want to have natted. Then no other traffic would be affected.