Solved: Re: Nat 0 problem

Leo_Stobbe · ‎06-11-2007

Hi,

nat (inside) 1 access-list internet

global (outside) 1 interface

nat (inside) 0 access-list no_nat

access-list internet permit ip object-group internet any

Object-group network internet

host 10.10.1.1

access-list no_nat permit ip object-group no_nat any

Object-group network no_nat

network 10.10.1.0

static (inside,outside) 192.168.1.1 10.10.1.1

I need a static translation for ip 10.10.1.1. Because remote users want to connect to that server's tcp ports (22,80)

But i can't do that because ip 10.10.1.1 belongs to pool 10.10.1.0, which is indicated in nat 0. And as i know Nat 0 has highest priority than dynamic and static nat. I can't remove 10.10.1.0 from nat 0 also. So what alternate solution can be in this case?

thanks a lot.

acomiskey · ‎06-11-2007

I think this will do it...

access-list no_nat deny ip host 10.10.1.1 any

access-list no_nat permit ip object-group no_nat any

View solution in original post

anandramapathy · ‎06-11-2007

Why do you want nat (inside) 0 access-list no_nat ?

Leo_Stobbe · ‎06-11-2007

Because i have the router which is performing the nat.

acomiskey · ‎06-11-2007

I think this will do it...

access-list no_nat deny ip host 10.10.1.1 any

access-list no_nat permit ip object-group no_nat any