09-03-2008 12:58 PM - edited 03-03-2019 11:23 PM
I have a router that has a public IP address on its serial interface. I have a device on the private side that needs to have connections to the public IP address translated to it for port 1720 (H323) traffic.
However, I need to have traffic to port 1720 from a specific subnet not be translated so that the router can handle incoming H323 calls from our Callmanager system.
Is there a way to do this? The current NAT configuration is below:
ip nat inside source static tcp 10.40.0.49 1720 interface Serial0/0 1720
ip nat inside source route-map nonat interface Serial0/0 overload
!
access-list 102 deny ip 10.40.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 deny ip 10.20.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 10.40.0.0 0.0.0.255 any
access-list 102 permit ip 10.20.0.0 0.0.0.255 any
!
route-map nonat permit 102
match ip address 102
09-03-2008 06:57 PM
Your config looks OK; what's the problem with it?
Also, you might use a normal ACL blocking traffic based on source, destination and port number! Just an idea: if you can block, try an ACL and apply it on the right interface with the right direction as well.
Keep in mind you need permit ip any any at the end of the ACL because every ACL contains an implicit deny.
good luck
if helpful Rate
09-04-2008 07:06 AM
The connections, even from our Callmanager subnet, are still being NAT'd to the inside address for port 1720.
09-04-2008 08:18 AM
Do you have any other public addresses available for use instead of just the serial interface? Usually the provider will give you a small block to use. You can then have a static NAT dedicated to the system you want to have NATted. Then no other traffic would be affected.