NAT in IOS static but bypass for direct access

Unanswered Question
Apr 15th, 2009

My company wants to have its cake and eat it too. We are migrating an application from a legacy host system to a new host system. At a remote site, we want some users to telnet to the legacy IP address (244) and be redirected to the new IP address (144). We also want some users at the same remote site to be able to telnet directly to the new host system (144). If I implement a simple ip nat static, the first part (redirection) works fine but the second part (direct connect) fails. I understand why this is happening, but how do I get around it?

site A - subnet

host legacy

host new

remote site b - subnet

host joe

connect2world Wed, 04/15/2009 - 18:52

Would putting a deny for those IPs you wish to exclude in your NAT access-list do the job?

cmccready Thu, 04/16/2009 - 16:28

Not sure ... I thought that the deny would be implied and that only the 'permit'-d addresses would be NAT'd.

I tested a new set of configs today and was able to get direct traffic to avoid the NAT by policy-routing it out another interface. It's ugly but it works.

connect2world Thu, 04/16/2009 - 18:05

Yes, you are correct. I have not thought of that! You could assign IP addresses to those devices which need direct connection, outside of the NATing access-list range. This way, I think, might also achieve what you need.

daybreak001 Thu, 04/16/2009 - 22:53

Router# show proce cpu

CPU utilization for five seconds: 2%/0%; one minute: 5%; five minutes: 5%

