06-11-2007 12:14 AM - edited 03-09-2019 06:09 PM
Hi,
nat (inside) 1 access-list internet
global (outside) 1 interface
nat (inside) 0 access-list no_nat
access-list internet permit ip object-group internet any
Object-group network internet
host 10.10.1.1
access-list no_nat permit ip object-group no_nat any
Object-group network no_nat
network 10.10.1.0
static (inside,outside) 192.168.1.1 10.10.1.1
I need a static translation for ip 10.10.1.1. Because remote users want to connect to that server's tcp ports (22,80)
But i can't do that because ip 10.10.1.1 belongs to pool 10.10.1.0, which is indicated in nat 0. And as i know Nat 0 has highest priority than dynamic and static nat. I can't remove 10.10.1.0 from nat 0 also. So what alternate solution can be in this case?
thanks a lot.
Solved! Go to Solution.
06-11-2007 04:58 AM
I think this will do it...
access-list no_nat deny ip host 10.10.1.1 any
access-list no_nat permit ip object-group no_nat any
06-11-2007 02:18 AM
Why do you want nat (inside) 0 access-list no_nat ?
06-11-2007 02:33 AM
Because i have the router which is performing the nat.
06-11-2007 04:58 AM
I think this will do it...
access-list no_nat deny ip host 10.10.1.1 any
access-list no_nat permit ip object-group no_nat any
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide