04-24-2010 01:19 AM - edited 03-04-2019 08:16 AM
Hi all,
Greetings!
I have a query.
I have configured NAT on a 2801 router for a pool of private addresses to be NATed to a single public address, which is working fine.
My query is:
I want to exclude only a single private IP address from the private IP address pool so that it does not get NATed, while all the remaining IP addresses of that pool are still NATed.
So can you please help me with these configs ASAP?
Brgds.....
04-24-2010 01:23 AM
I assume you are using an access-list to permit the private IP addresses to be NATed to the public IP address. You can configure a deny statement for that particular private IP address, and it will not be NATed.
Please make sure that the deny ACL is on top of the permit statement.
Hope that helps.
04-24-2010 01:29 AM
Thanks for your reply.
Yes, I am using an ACL to permit those private IP addresses to be NATed to the public IP address.
But if I configure a deny statement, will I be able to reach that particular IP address through the internet? That particular IP address is a server's.
Awaiting your prompt response...
Thanks & Brgds...
04-24-2010 01:34 AM
I assume if it is a server and needs to be accessible through the internet, then it should already have a static NAT entry. If it already has a static NAT entry, it won't be using the dynamic NAT statement, because static NAT takes precedence over dynamic NAT.
If the above statement is correct, you don't have to deny the server IP address from being NATed as it will just use the static NAT statement.
Can you share your NAT configuration and advise what the server IP is?
04-24-2010 01:47 AM
Please find below the requested NAT configs
!
ip nat pool voice 212.X.X.X 212.X.X.X netmask 255.255.255.128
ip nat inside source list 1 pool voice overload
!
access-list 1 permit 83.X.X.0 0.0.0.255
And the server IP is 83.X.X.5.
04-24-2010 01:50 AM
OK, so the server is already on a public IP address, that is why you do not have static NAT and do not need to PAT it, right?
If the above is right, I also assume that there is already a route on the next-hop router to route traffic for 83.x.x.5 towards the router's outside interface?
If the above is right, you can configure the deny as follows:
access-list 1 deny host 83.X.X.5
access-list 1 permit 83.X.X.0 0.0.0.255
04-24-2010 05:12 AM
Thanks a lot. It's working fine now.
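
The ordering point made in the replies above, as an added example that is not part of the original thread: a small Python model of how a standard ACL referenced by `ip nat inside source list` is evaluated top-down with the first match winning, so a deny placed after the permit never takes effect. The 198.51.100.0/24 addresses are constructed stand-ins for the masked 83.X.X.0 network, and the model covers only the `host`, `any` and address-plus-wildcard forms.

```python
import ipaddress

def _ip(text):
    # Raises ValueError (AddressValueError) on anything that is not an IPv4 address.
    return int(ipaddress.IPv4Address(text))

def parse_acl(lines):
    """Parse standard numbered ACL lines into (action, address, wildcard) tuples."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        if tok[3] == "host":
            addr, wild = tok[-1], "0.0.0.0"
        elif tok[3] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        else:
            addr, wild = tok[3], tok[4] if len(tok) > 4 else "0.0.0.0"
        rules.append((tok[2], _ip(addr), _ip(wild)))
    return rules

def is_translated(rules, src):
    """True if the source matches a permit first; no match is the implicit deny."""
    s = _ip(src)
    for action, net, wild in rules:
        care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
        if (s & care) == (net & care):
            return action == "permit"      # first match wins, later entries unused
    return False

# Constructed sample ACLs: same two entries, different order.
DENY_FIRST = [
    "access-list 1 deny host 198.51.100.5",
    "access-list 1 permit 198.51.100.0 0.0.0.255",
]
DENY_LAST = list(reversed(DENY_FIRST))

if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("deny last", DENY_LAST)):
        rules = parse_acl(acl)
        for src in ("198.51.100.5", "198.51.100.20", "203.0.113.9"):
            verdict = "NATed" if is_translated(rules, src) else "not NATed"
            print(f"{name:10} {src:15} {verdict}")
```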