Solved: Static one to one translation issues

Andrew Battersby · ‎02-28-2012

Hi,

I have a router with a static one to one translation. Example below:

ip nat inside source static 192.168.3.200 87.77.77.77

This works fine as expected. My issue is that I have a VPN going to this particular router from a 192.168.1.x range. They need access to the "192.168.3.200" IP address but due to the static translation they cannot get to it. They effectivly have to bypass the VPN and go to the public IP instead.

Is there a way to setup the static translation so people coming from the "192.168.3.200" will ignore it?

Thanks

Andy

Eduardo Aliaga · ‎03-04-2012

Hello. You should use a "route-map" specifying what traffic will trigger the NAT.

For example :

ip nat inside source static 192.168.3.200 87.77.77.77 route-map NAT

ip access-list extended NAT-ACL

deny ip host 192.168.3.200 192.168.1.0 0.0.0.255 <<< means do not NAT when 192.168.3.200 goes to 192.168.1.x

permit ip host 192.168.3.200 any

deny ip any any

route-map NAT permit 10

match ip address NAT-ACL

You will find more examples here https://supportforums.cisco.com/docs/DOC-5061

Please rate if it helps. Kind regards

View solution in original post

Eduardo Aliaga · ‎03-04-2012