Need help with NAT configs ASAP..

Arifuddinkhaja
Level 1

Hi all,

Greetings!!!

I have a query.

I have configured NAT on a 2801 router for a pool of private addresses to be NATed to a single public address, which is working fine.

My query is:

I want to exclude only a single private IP address from the private IP address pool so that it does not get NATed, with all the remaining IP addresses of that pool still being NATed?

So can you please help me with these configs ASAP?

Best regards.


Jennifer Halim
Cisco Employee

I assume you are using an access list to permit the private IP addresses to be NATed to the public IP address. You can configure a deny statement for that particular private IP address, and it will not be NATed.

Please make sure that the deny ACL is on top of the permit statement.

Hope that helps.

Thanks for your reply.

Yes, I am using an ACL to permit those private IP addresses to be NATed to the public IP address.

But if I configure a deny statement, will I be able to reach that particular IP address through the internet? Because that particular IP address is of a server.

Awaiting your prompt response...

Thanks & best regards...

I assume if it is a server and needs to be accessible through the internet, then it should already have a static NAT entry. If it already has a static NAT entry, it won't be using the dynamic NAT statement, because static NAT takes precedence over dynamic NAT.

If the above statement is correct, you don't have to deny the server IP address from being NATed, as it will just use the static NAT statement.

Can you share your NAT configuration and advise what the server IP is?

Please find below the requested NAT configs:


!

ip nat pool voice 212.X.X.X 212.X.X.X netmask 255.255.255.128
ip nat inside source list 1 pool voice overload

!
access-list 1 permit 83.X.X.0 0.0.0.255

And the server IP is 83.X.X.5.

OK, so the server is already on a public IP address, that is why you do not have static NAT and do not need to PAT it, right?

If the above is right, I also assume that there is already a route on the next hop router to route traffic for 83.x.x.5 towards the router outside interface?

If the above is right, you can configure the deny as follows:

access-list 1 deny host 83.X.X.5

access-list 1 permit 83.X.X.0 0.0.0.255

Thanks a lot. It's working fine now.
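The ordering rule from this thread (deny entry above the permit entry), as an added example that is not part of any post here: a small first-match evaluator for standard ACL lines with wildcard masks and the implicit deny, showing which inside hosts `ip nat inside source list 1` would translate. The 198.51.100.0/24 addresses are constructed stand-ins for the masked 83.X.X.0 network, and the function names are hypothetical.

```python
import ipaddress

def parse_acl(lines):
    """Parse standard numbered ACL lines into (action, address, wildcard) tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL line: {line!r}")
        action, rest = tok[2], tok[3:]
        if rest[0] == "host":
            if len(rest) < 2:
                raise ValueError(f"missing host address: {line!r}")
            addr, wild = rest[1], "0.0.0.0"
        elif rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        else:
            addr, wild = rest[0], (rest[1] if len(rest) > 1 else "0.0.0.0")
        entries.append((action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def is_translated(entries, src):
    """First matching entry decides; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
        if (ip & care) == (addr & care):
            return action == "permit"      # permit = eligible for dynamic NAT/PAT
    return False                           # implicit deny: routed untranslated

# Constructed sample ACLs; 198.51.100.5 plays the role of the server.
GOOD = ["access-list 1 deny host 198.51.100.5",
        "access-list 1 permit 198.51.100.0 0.0.0.255"]
BAD = list(reversed(GOOD))                 # permit first: the deny is never reached

if __name__ == "__main__":
    for name, acl in (("deny first", GOOD), ("permit first", BAD)):
        entries = parse_acl(acl)
        for host in ("198.51.100.5", "198.51.100.20", "203.0.113.9"):
            print(f"{name:12} {host:15} NATed={is_translated(entries, host)}")
```

With the permit line first, the server address matches it and is translated along with the rest of the pool, which is why the deny has to sit above it.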
