Cisco Support Community
New Member

trouble Nat

Hi, is there any way to avoid NAT translations all the time? I need hosts to use the NAT pool only when they try to connect to one particular network.

I have nat inside on the FastEthernet interface and nat outside on the serial interface.

4 REPLIES
New Member

Re: trouble Nat

For NAT, no request, no translation.

If you want to limit the time, use time-range in your access-list.

First, define the time-range:

config#time-range WORD

Then use it in the access-list:

access-list 1 permit any time-range YourTimeRange

Bronze

Re: trouble Nat

You can configure NAT so that a translation only occurs when you want it to. It gets a little tricky but it can be done.

This is a common scenario in a VPN configuration where you don't want your VPN traffic to go through NAT.

Here's a sample configuration where the 10.10.10.0 network will NOT be natted when the destination subnet is 10.10.50.0. This will give you an idea. If you have any more questions please feel free to ask.

Example -

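! LAN side: traffic arriving here is eligible for translation
interface ethernet 0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
! WAN side
interface serial 0/0
 ip address 10.10.20.1 255.255.255.0
 encapsulation ppp
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 10.10.20.2
!
! Pool on the outside subnet (end address corrected from 10.10.10.25 so the range is valid)
ip nat pool spoof 10.10.20.5 10.10.20.25 netmask 255.255.255.0
ip nat inside source route-map nonat pool spoof
! deny = do not translate 10.10.10.0/24 -> 10.10.50.0/24; permit = translate everything else
access-list 105 deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 105 permit ip any any
!
route-map nonat permit 10
 match ip address 105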

Daniel

New Member

Re: trouble Nat

Hi Daniel, I did what you said but it doesn't work yet. This is my router configuration; is something missing?

thanks

interface FastEthernet0/0
 ip address 10.22.15.2 255.255.255.0
 speed auto
interface Serial0/0.20 point-to-point
 ip address 10.200.200.50 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 29
  class Voz_128
  vofr cisco
!
ip nat pool spoof 10.200.200.50 10.200.200.50 netmask 255.255.255.252
ip nat inside source route-map nonat pool spoof
access-list 105 deny ip 10.22.15.0 0.0.0.255 10.22.1.0 0.0.0.255
access-list 105 permit ip any any
!
route-map nonat permit 10
 match ip address 105

And this is the NAT translation table:

SS_HOSP_NI&O_MUJ#sh ip nat tra
Pro   Inside global      Inside local       Outside local        Outside global
eigrp 10.200.200.50:0    10.200.200.50:0    224.0.0.10:0         224.0.0.10:0
tcp   10.200.200.50:23   10.200.200.50:23   10.200.200.49:30721  10.200.200.49:30721
icmp  10.200.200.50:53   10.200.200.50:53   10.22.1.1:53         10.22.1.1:53

Regards

Bronze

Re: trouble Nat

You didn't put "ip nat inside" on your ethernet interface. Go ahead and add it in and then clear the NAT translations by typing "clear ip nat trans *".

Then turn on the following debug while attempting to make the connections that you do not want to be put through NAT.

debug ip nat

Also, what traffic are you trying to restrict from NAT?

The show ip nat trans output that you provided shows the addresses were NOT natted. If you look at the output, it's the same IP address in both columns, indicating NO translation.

Daniel
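
Added example (not part of any post in this thread): a small offline check of the two things discussed above, namely whether any interface carries "ip nat inside"/"ip nat outside", and which flows access-list 105 selects for translation (deny means leave untranslated). The function names are hypothetical and the sample text is constructed from the configuration posted in the thread; only the "ADDRESS WILDCARD" and "any" forms of ACL entries are handled.

```python
import ipaddress

# Constructed sample: NAT-relevant lines of the configuration posted in the thread.
CONFIG = """\
interface FastEthernet0/0
 ip address 10.22.15.2 255.255.255.0
interface Serial0/0.20 point-to-point
 ip nat outside
ip nat inside source route-map nonat pool spoof
access-list 105 deny ip 10.22.15.0 0.0.0.255 10.22.1.0 0.0.0.255
access-list 105 permit ip any any
"""

def nat_roles(config):
    """Map each interface to 'inside', 'outside' or None."""
    roles, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            roles[current] = None
        elif current and line.strip() in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
        elif not line.startswith(" "):
            current = None  # back in global configuration mode
    return roles

def nat_findings(config):
    """Report a NAT side that no interface is assigned to."""
    roles = set(nat_roles(config).values())
    return [f"no interface has 'ip nat {side}'" for side in ("inside", "outside")
            if "ip nat inside source" in config and side not in roles]

def parse_acl(config, number):
    """Return [(action, src, src_wild, dst, dst_wild)] with addresses as ints."""
    rules = []
    for line in config.splitlines():
        t = line.replace(" any", " 0.0.0.0 255.255.255.255").split()
        if t[:2] == ["access-list", str(number)] and t[3] == "ip":
            rules.append((t[2], *(int(ipaddress.IPv4Address(a)) for a in t[4:8])))
    return rules

def translated(rules, src, dst):
    """First match wins, implicit deny at the end; a permit means the flow is NATed."""
    s, d = (int(ipaddress.IPv4Address(a)) for a in (src, dst))
    for action, sa, sw, da, dw in rules:
        if not ((s ^ sa) & ~sw & 0xFFFFFFFF or (d ^ da) & ~dw & 0xFFFFFFFF):
            return action == "permit"
    return False
```

The ACL result only says which flows the route-map would hand to NAT; as the last reply points out, nothing is translated until an interface is marked "ip nat inside".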
