Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE with nonat

Hello,

I have a static NAT configured on my ACE that translates an internal IP to an external IP, but I want the same internal IP to maintain its IP when destined to a certain network. It's the same concept that is used on PIX/ASA with a nonat rule (nat 0). Any ideas on how to accomplish this?

Here's my static NAT config:

class-map match-all cmap-static-10.20.1.10

2 match source-address 10.20.1.10 255.255.255.255

!

policy-map multi-match pmap-nat-vl4001

class cmap-static-10.20.1.10

nat static 5.5.5.5 netmask 255.255.255.255 vlan 501

!

interface vlan 4001

service-policy input pmap-nat-vl4001

Thanks,

Lee

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ACE with nonat

Lee,

basically you need to change the match source-address into a match ACL and create an ACL that deny the destination ip for which you want no nating and permit the rest.

Gilles.

2 REPLIES
Cisco Employee

Re: ACE with nonat

Lee,

basically you need to change the match source-address into a match ACL and create an ACL that deny the destination ip for which you want no nating and permit the rest.

Gilles.

New Member

Re: ACE with nonat

I hate to drudge up an old post, but this sounds exactly like an issue I am researching and I was wondering if anyone could help expand on this.

I have a serverfarm that I want everyone to hit with NAT'd addresses except for two IP's, but when I attempt to add a "match access-list" the class-map (which already has a match virtual-address), I get an error that I can not add other match types.

class-map match-all VIP_HOST1

  2 match virtual-address 172.1.1.100 any

Basically I have a serverfarm (HOST1.domain.com) that has two rservers (10.1.1.101 and 10.1.1.102) that use VIP 172.1.1.100. I have two other servers (10.1.1.201 and 10.1.1.202) that will use the VIP of HOST1, but I do not wish for those two IP's to get NAT'd.

Thanks for any assistance!

391
Views
0
Helpful
2
Replies
CreatePlease login to create content