
Static NAT and basic routing simultaneously

helpdesk160

Hi all,

I need some help on configuring a Cisco 2811 router which is used in a private network.

I just need one IP address to be (statically) translated from one interface to a host on another interface. All other traffic, both on inside and outside, must just be routed.

I know this is possible, but I got lost on the tons of information found on the Cisco pages. I know that it has to do with specifying the traffic with ACLs to control what should be routed. This is a sample config:

interface fa0/1
  ip address 10.1.1.1 255.255.255.0
  ip nat outside

interface fa0/2
  ip address 192.168.1.2 255.255.255.0
  ip nat inside

ip nat inside source static 192.168.1.5 10.1.1.1

This will translate all inside source 192.168.1.5 to 10.1.1.1 and vice versa. But will this also implicitly route all other traffic through basic routing? From inside to outside and vice versa?

Thank you for any assistance.

Best regards,

Rob

 

1 Accepted Solution


LJ Gabrillo

Try creating an access list and denying the subnets that you require to be subnetted. Since you are going to route the rest, just add deny ip any any:

ip access-list extended NO_NAT
  deny ip any any

ip nat inside source list NO_NAT interface <port> overload

Once an interface is marked as inside/outside, routing can't pass through since, again, you marked it for NAT-ting.

Try it, hopefully it works.

Thank you for your reply Isgabrillo,

I will try the following configuration in the upcoming week. I need to try this in a service window.

interface fa0/1
  ip address 10.1.1.1 255.255.255.0
  ip nat outside

interface fa0/2
  ip address 192.168.1.2 255.255.255.0
  ip nat inside

ip access-list extended NO_NAT
  deny ip any any

ip nat inside source static 192.168.1.5 10.1.1.1
ip nat inside source list NO_NAT interface fa0/1 overload

I will post the results.

Thanks for the assistance.

Rob

 

Isgabrillo,

The config works. Thanks for your time and response.

 

Best regards,

Rob

 

No problem :)

Just remember: if you want traffic not to be NAT-ted (e.g., your requirement, remote VPN, and IPSec s2s), always have a no-NAT statement.
And, lastly, if you want traffic to be NAT-ted, then simply create a permit statement in your NO_NAT ACL ^^
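The lookup order implied by the configuration in this thread, written out as an added Python example (a simplified model, not code from the thread or from Cisco). It assumes a packet that matches no NAT rule is forwarded untranslated; the function names and the test addresses 192.168.1.20 and 10.1.1.50 are constructed for illustration.

```python
"""Simplified model of NAT rule selection for the thread's configuration.
Assumption: a packet matching no NAT rule is forwarded untranslated."""
import ipaddress

# ip nat inside source static 192.168.1.5 10.1.1.1  (inside local -> inside global)
STATIC = {"192.168.1.5": "10.1.1.1"}
OVERLOAD_IP = "10.1.1.1"  # address of fa0/1, used by "interface fa0/1 overload"

# ip access-list extended NO_NAT, as (action, source network, destination network)
NO_NAT = [("deny", "0.0.0.0/0", "0.0.0.0/0")]


def acl_permits(acl, src, dst):
    """First matching entry decides; every ACL ends with an implicit deny."""
    for action, s_net, d_net in acl:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(s_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(d_net)):
            return action == "permit"
    return False


def inside_to_outside(src, dst, acl=NO_NAT):
    """Return (source address after NAT, rule applied) for fa0/2 -> fa0/1."""
    if src in STATIC:                   # static entries are checked first
        return STATIC[src], "static"
    if acl_permits(acl, src, dst):      # ip nat inside source list ... overload
        return OVERLOAD_IP, "overload"
    return src, "routed"                # no rule matched: plain routing


def outside_to_inside(src, dst):
    """Return (destination address after NAT, rule applied) for fa0/1 -> fa0/2."""
    for local, global_addr in STATIC.items():
        if dst == global_addr:          # reverse lookup of the static entry
            return local, "static"
    return dst, "routed"


if __name__ == "__main__":
    # Constructed sample flows: the static host, then another inside host.
    print(inside_to_outside("192.168.1.5", "10.1.1.50"))
    print(inside_to_outside("192.168.1.20", "10.1.1.50"))
    print(outside_to_inside("10.1.1.50", "10.1.1.1"))
    # A permit entry in the ACL makes matching sources use the overload rule.
    permit_acl = [("permit", "192.168.1.0/24", "0.0.0.0/0")]
    print(inside_to_outside("192.168.1.20", "10.1.1.50", permit_acl))
```

Because the static entry uses the router's own fa0/1 address as the inside global, every outside connection to 10.1.1.1 is handed to 192.168.1.5 in this model, which is worth checking against what should be reachable on that host.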
