Need help with NAT configs ASAP..

Answered Question
Apr 24th, 2010

Hi all,

Greetings!

I have a query.

I have configured NAT on a 2801 router for a pool of private addresses to be NATed to a single public address, which is working fine.

My query is:

I want to exclude only a single private IP address from the private IP address pool so that it does not get NATed, and have all the remaining IP addresses of that pool NATed.

So can you please help me with this config ASAP?

Best regards.

Jennifer Halim Sat, 04/24/2010 - 01:23

I assume you are using an access-list to permit the private IP addresses to be NATed to the public IP address. You can configure a deny statement for that particular private IP address, and it will not be NATed.

Please make sure that the deny ACL is on top of the permit statement.

Hope that helps.

Arifuddinkhaja Sat, 04/24/2010 - 01:29

Thanks for your reply.

Yes, I am using an ACL to permit those private IP addresses to be NATed to the public IP address.

But if I configure a deny statement, will I be able to reach that particular IP address through the internet? I ask because that particular IP address belongs to a server.

Awaiting your prompt response.

Thanks and best regards.

Jennifer Halim Sat, 04/24/2010 - 01:34

I assume if it is a server and needs to be accessible through the internet, then it should already have a static NAT entry. If it already has a static NAT entry, it won't be using the dynamic NAT statement, because static NAT takes precedence over dynamic NAT.

If the above statement is correct, you don't have to deny the server IP address from being NATed, as it will just use the static NAT statement.

Can you share your NAT configuration and advise what the server IP is?

Arifuddinkhaja Sat, 04/24/2010 - 01:47

Please find below the requested NAT config:


!

ip nat pool voice 212.X.X.X 212.X.X.X netmask 255.255.255.128
ip nat inside source list 1 pool voice overload

!
access-list 1 permit 83.X.X.0 0.0.0.255

And the server IP is 83.X.X.5.

Correct Answer
Jennifer Halim Sat, 04/24/2010 - 01:50

OK, so the server is already on a public IP address, and that is why you do not have static NAT and do not need to PAT it, right?

If the above is right, I also assume that there is already a route on the next hop router to route traffic towards 83.x.x.5 towards the router outside interface?

If the above is right, you can configure the deny as follows:

access-list 1 deny host 83.X.X.5

access-list 1 permit 83.X.X.0 0.0.0.255
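
An added illustration of the ordering rule from this thread (not part of any post): a minimal first-match evaluator for IOS standard ACL lines, run over the deny-then-permit list and over the same two lines in the opposite order. The 192.0.2.x addresses are constructed stand-ins for the masked 83.X.X.x addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses: 192.0.2.0/24 stands in for the masked 83.X.X.0 network,
# 192.0.2.5 for the server that must not be translated.
DENY_FIRST = [
    "access-list 1 deny host 192.0.2.5",
    "access-list 1 permit 192.0.2.0 0.0.0.255",
]
# Same two lines with the permit first, i.e. the deny sitting below the permit.
PERMIT_FIRST = list(reversed(DENY_FIRST))

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(lines):
    """Return (action, address, wildcard) tuples for standard ACL lines."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # not a standard ACL entry (e.g. "!" separators)
        if tok[3] == "host" and len(tok) > 4:
            addr, wild = tok[4], "0.0.0.0"
        elif tok[3] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        else:
            addr, wild = tok[3], tok[4] if len(tok) > 4 else "0.0.0.0"
        entries.append((tok[2], _to_int(addr), _to_int(wild)))
    return entries

def is_translated(entries, source_ip):
    """First matching entry decides; no match means the implicit deny.

    With 'ip nat inside source list 1 ...', permit = translate and
    deny = forward the packet with its source address unchanged.
    """
    ip = _to_int(source_ip)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if (ip & care) == (addr & care):
            return action == "permit"
    return False

def nat_report(acl_lines, hosts):
    """Map each source address to True (translated) or False (left as-is)."""
    entries = parse_standard_acl(acl_lines)
    return {h: is_translated(entries, h) for h in hosts}

if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("permit first", PERMIT_FIRST)):
        print(name, nat_report(acl, ["192.0.2.5", "192.0.2.20", "198.51.100.7"]))
```

With the permit first, the server address matches the network entry before the host deny is ever reached, so it is still translated.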
