Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Nat 0 problem

Hi,

nat (inside) 1 access-list internet

global (outside) 1 interface

nat (inside) 0 access-list no_nat

access-list internet permit ip object-group internet any

Object-group network internet

host 10.10.1.1

access-list no_nat permit ip object-group no_nat any

Object-group network no_nat

network 10.10.1.0

static (inside,outside) 192.168.1.1 10.10.1.1

I need a static translation for ip 10.10.1.1. Because remote users want to connect to that server's tcp ports (22,80)

But i can't do that because ip 10.10.1.1 belongs to pool 10.10.1.0, which is indicated in nat 0. And as i know Nat 0 has highest priority than dynamic and static nat. I can't remove 10.10.1.0 from nat 0 also. So what alternate solution can be in this case?

thanks a lot.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Nat 0 problem

I think this will do it...

access-list no_nat deny ip host 10.10.1.1 any

access-list no_nat permit ip object-group no_nat any

3 REPLIES

Re: Nat 0 problem

Why do you want nat (inside) 0 access-list no_nat ?

New Member

Re: Nat 0 problem

Because i have the router which is performing the nat.

Green

Re: Nat 0 problem

I think this will do it...

access-list no_nat deny ip host 10.10.1.1 any

access-list no_nat permit ip object-group no_nat any

127
Views
0
Helpful
3
Replies