Cisco Support Community
Community Member

NAT

Can a range of IPs be excluded from NAT?

6 REPLIES
Purple

Re: NAT

It certainly can. When you configure NAT, you can specify an access-list that includes all addresses that you want translated. Anything outside of this range will NOT be translated.

Hope that helps - pls rate the post if it does.

Paresh

Community Member

Re: NAT

I think I follow.

Below is our setup. What we'd like to do is have range 192.168.20.0 - 192.168.22.0 excluded from NAT.

Thanks.

interface Vlan10

description UMC

ip address 192.168.10.254 255.255.0.0

ip nat inside

interface Vlan199

description INET

ip address 172.16.1.254 255.255.255.0

ip nat outside

ip nat pool ovrld 192.168.10.1 192.168.10.1 prefix-length 24

ip nat inside source list 7 pool ovrld overload

Purple

Re: NAT

You can use the following to achieve that -

access-list 7 deny 192.168.20.0 0.0.0.255

access-list 7 deny 192.168.21.0 0.0.0.255

access-list 7 deny 192.168.22.0 0.0.0.255

access-list 7 permit any

That should do it...

Hope that helps - pls rate the post if it does.

Paresh

Community Member

Re: NAT

Is this going to block the IPs altogether?

I don't want to block them, I just need them to not be NATed.

Thanks for your replies

Purple

Re: NAT

Hi,

That access-list (number 7) will only impact what gets NATed - it will still allow all traffic through, it just won't NAT it.

Hope that helps - pls rate the post if it does.

Paresh
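
Added example, not part of any poster's reply: a small Python model of the first-match evaluation of standard ACL 7 from the thread when it is referenced by `ip nat inside source list 7`, showing that a deny only skips translation. The function names and the sample inside hosts are constructed for illustration.

```python
import ipaddress

# ACL 7 exactly as posted in the thread above.
ACL_7 = """\
access-list 7 deny 192.168.20.0 0.0.0.255
access-list 7 deny 192.168.21.0 0.0.0.255
access-list 7 deny 192.168.22.0 0.0.0.255
access-list 7 permit any
"""

def parse_standard_acl(text):
    """Parse 'access-list N permit|deny <addr> [wildcard]' lines into entries."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            # No wildcard given means a single host (wildcard 0.0.0.0)
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def nat_decision(entries, src):
    """First matching entry wins; no match falls to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal
        if (ip | wild) == (addr | wild):
            return "translate" if action == "permit" else "forward untranslated"
    return "forward untranslated"  # implicit deny: not selected for NAT

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_7)
    # Constructed sample inside hosts, not addresses taken from the thread
    for src in ("192.168.10.50", "192.168.20.7", "192.168.22.254", "192.168.23.1"):
        print(f"{src:16} -> {nat_decision(acl, src)}")
```

Hosts that hit a deny line leave the outside interface with their original source address, so the far side needs a route back to those subnets.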

Gold

Re: NAT

ip nat inside source route-map nonat interface overload

access-list 101 deny ip host 192.168.1.1 any

access-list 101 deny ip host 192.168.1.2 any

access-list 101 deny ip host 192.168.1.3 any

access-list 101 deny ip host 192.168.1.4 any

access-list 101 deny ip host 192.168.1.5 any

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

route-map nonat permit 10

match ip address 101
