03-03-2009 11:44 PM - edited 03-11-2019 08:00 AM
Hi,
Cisco Guide says that "when you configure Identity Nat or exempt nat,You do not limit translation for a host on specific interfaces;you must choose identity nat for all the connections thorugh all the interfaces.Hence you cannot choose normal translations on real addresses when you access int A,but use identity when accessing int B."
1.Simply not able to understand at all what does that mean.Say a n/w of 192.168.0.0 255.255.0.0
Identity nat Will be like nat(inside) 0 192.168.0.0 255.255.0.0
and also patted like
nat(inside)1 192.168.0.0 255.255.0.0
Global(ouside)1 interface
Where does the significance of interface A and B comes?
2. Exmept nat.
I have config like;
nat(inside)1 192.168.0.0 255.255.0.0
Global(ouside)1 interface
Internet works fine.
Now I use exempt on same i.e
access list inside_outbound permit ip 192.168.0.0 255.255.0.0 any
nat (inside) 0 access-list inside_outbound.
Will this block the internet access?
Reg,
Sushil
Solved! Go to Solution.
03-05-2009 12:33 AM
Fo Eg. Say
nat(inside) 0 192.168.0.0 255.255.0.0
Here the traffic from 192.168.0.0/16 will be sent as it is without NAT, to both outside and any other DMZ interfaces if present.
03-04-2009 12:30 AM
1) What the statement means is that the identity nat
nat (inside) 0 XXXX
cannot be seperated by outbound interfaces (unless you use an access-list specifying the destination subnets)
2) If you do that your internet access will be lost as nat (inside) 0 takes precedence over nat (inside) 1. However if you change the destination from any to specific subnets in the access-list it should not cause a problem.
03-04-2009 11:58 PM
Naveen,
ok with 2nd answer.Not able to understand what does mean by separated in by outbound interfaces.
Reg,
Sushil
03-05-2009 12:33 AM
Fo Eg. Say
nat(inside) 0 192.168.0.0 255.255.0.0
Here the traffic from 192.168.0.0/16 will be sent as it is without NAT, to both outside and any other DMZ interfaces if present.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide