06-30-2010 09:54 AM - edited 03-04-2019 08:56 AM
Hello All,
I have a 2851 Router. I am in the process of setting up a VPN. I have already created the ACL for my VPN interesting traffic, but need to know how to disable NAT for my traffic going across the site-to-site VPN?
06-30-2010 09:58 AM
Don't include that traffic on the ACL
06-30-2010 10:02 AM
I don't understand?
06-30-2010 10:23 AM
Only traffic included on the ACL will be candidate for NAT.
If you don't want some flows to be NAT'd, don't include them on the NAT ACL.
NAT 0 in FW is for NAT exception. Not needed on Cisco IOS as traffic not included on the NAT ACL has an exception by default.
Regards,
Edison
06-30-2010 11:08 AM
Thanks Mr. Ortiz.
06-30-2010 10:23 AM
In the acl that you're using for natting, deny the subnets that you're pushing across the vpn.
Suppose you have 192.168.1.0/24 and 192.168.2.0/24 on the other side. You want to nat 192.168.1.0 when it goes to the internet, but you don't want to nat across the tunnel.
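! Translate traffic matched by route-map NAT to the s0/0 interface address
ip nat inside source route-map NAT interface s0/0
! Exempt LAN-to-remote-LAN (VPN) traffic from NAT; translate everything else
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any
route-map NAT permit 5
 match ip address 100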
HTH,
John
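The first-match behaviour that ACL 100 in the post above relies on, as an added example that is not part of the original thread: a small Python evaluator for extended ACL entries with wildcard masks, run against the posted ACL and against a constructed copy with the two entries swapped. The host addresses 192.168.1.10, 192.168.2.10 and 203.0.113.5 and all function names are assumptions made for the illustration.

```python
import ipaddress

def _spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        action, rest = tokens[2], tokens[4:]
        entries.append((action, _spec(rest), _spec(rest)))
    return entries

def _hit(ip, spec):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def is_translated(entries, src, dst):
    """First matching entry wins; no match is the implicit deny, so no NAT."""
    for action, s, d in entries:
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False

# ACL 100 as posted in the thread.
NAT_ACL = parse_acl("""
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any
""")
# Constructed counter-example: the same two entries in the wrong order.
MISORDERED = parse_acl("""
access-list 100 permit ip any any
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
""")

if __name__ == "__main__":
    for name, acl in (("posted", NAT_ACL), ("misordered", MISORDERED)):
        for dst in ("192.168.2.10", "203.0.113.5"):  # remote LAN host, Internet host
            nat = is_translated(acl, "192.168.1.10", dst)
            print(name, "192.168.1.10 ->", dst, "NAT" if nat else "no NAT")
```

With the entries swapped, the tunnel-bound flow matches `permit ip any any` first and is translated, so its source address no longer matches the VPN interesting-traffic ACL.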
06-30-2010 11:08 AM
Thanks John.