
New Member

Static NAT and basic routing simultaneously

Hi all,

I need some help on configuring a Cisco 2811 router which is used in a private network.

I just need one IP address to be (statically) translated from one interface to a host on another interface. All other traffic, both on inside and outside, must just be routed.

I know this is possible, but I got lost on the tons of information found on the Cisco pages. I know that it has to do with specifying the traffic with ACLs to control what should be routed. This is a sample config:

interface fa0/1
  ip address 10.1.1.1 255.255.255.0
  ip nat outside

interface fa0/2
  ip address 192.168.1.2 255.255.255.0
  ip nat inside

ip nat inside source static 192.168.1.5 10.1.1.1

This will translate all inside source 192.168.1.5 to 10.1.1.1 and vice versa. But will this also implicitly route all other traffic through basic routing? From inside to outside and vice versa?

Thank you for any assistance.

Best regards,

Rob

 

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Try creating an access list and denying the subnets that you require to be subnetted. Since you are going to route the rest, just add deny ip any any.

ip access-list extended NO_NAT
  deny ip any any

ip nat inside source list NO_NAT interface <port> overload

Once an interface is marked as inside/outside, routing can't pass through since, again, you marked it for NAT-ting.

Try it, hopefully it works.

4 REPLIES
New Member

Thank you for your reply Isgabrillo,

I will try the following configuration in the upcoming week. I need to try this in a service window.

interface fa0/1
  ip address 10.1.1.1 255.255.255.0
  ip nat outside

interface fa0/2
  ip address 192.168.1.2 255.255.255.0
  ip nat inside

ip access-list extended NO_NAT
  deny ip any any

ip nat inside source static 192.168.1.5 10.1.1.1
ip nat inside source list NO_NAT interface fa0/1 overload

I will post the results.

Thanks for the assistance.

Rob

 

New Member

Isgabrillo,

The config works. Thanks for your time and response.

 

Best regards,

Rob

 

Silver

No problem :)

Just remember, if you want traffic not to be NAT-ted, e.g., your requirement, Remote VPN, and IPSec s2s, always have a no-nat statement.
And lastly, if you want traffic to be NAT-ted, then simply create a permit statement in your NO_NAT ACL ^^
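
An added example, not part of the thread and not Cisco code: a simplified Python model of the translation decision for the configuration posted above, showing which source addresses are translated by the static entry, which by the overload rule, and which are routed unchanged. Assumptions: the ACL is reduced to source-only matching, the 192.168.1.128/25 permit entry is constructed for illustration, and PAT port state is not modelled.

```python
import ipaddress

# Values taken from the configuration posted in the thread.
STATIC = {"192.168.1.5": "10.1.1.1"}   # ip nat inside source static
OUTSIDE_IF_ADDR = "10.1.1.1"           # fa0/1, used by "interface fa0/1 overload"


def acl_permits(acl, src):
    """First-match evaluation of (action, source-network) entries.
    A packet that matches no entry falls through to the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action == "permit"
    return False


def inside_to_outside(src, acl):
    """Return (source address seen on the outside, rule that decided it)."""
    if src in STATIC:                  # the static entry always applies to its host
        return STATIC[src], "static"
    if acl_permits(acl, src):          # dynamic rule applies only on an ACL permit
        return OUTSIDE_IF_ADDR, "overload"
    return src, "routed"               # no translation: forwarded unchanged


def outside_to_inside(dst):
    """Reverse direction: only the static entry maps a global address back."""
    for local, global_addr in STATIC.items():
        if dst == global_addr:
            return local, "static"
    return dst, "routed"


# NO_NAT exactly as posted, then a constructed variant with one permit entry.
NO_NAT = [("deny", "0.0.0.0/0")]
NO_NAT_WITH_PERMIT = [("permit", "192.168.1.128/25"), ("deny", "0.0.0.0/0")]

if __name__ == "__main__":
    for name, acl in (("NO_NAT", NO_NAT), ("NO_NAT_WITH_PERMIT", NO_NAT_WITH_PERMIT)):
        for src in ("192.168.1.5", "192.168.1.20", "192.168.1.200"):
            print(name, src, "->", inside_to_outside(src, acl))
    print("to 10.1.1.1 ->", outside_to_inside("10.1.1.1"))
```

On the router itself, `show ip nat translations` and `show access-lists NO_NAT` show the live translation table and the ACL hit counters to compare against.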
