Cisco Support Community
New Member

static NAT with route map to exclude VPN


We are having problems accessing some static NATted IPs over a VPN.  After doing some research, we learned you need to exclude traffic destined for the VPN from the static NAT using a route-map. So we did this:

10.1.1.x is the VPN IP pool.

access-list 130 deny   ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 any

route-map nonat permit 10
match ip address 130

ip nat inside source static 192.168.1.5 1.1.1.1 route-map nonat

The above worked to fix the VPN issue but the 192.168.1.5 IP is no longer available publicly via 1.1.1.1.  What seems to happen is that the static NAT is not really working and this IP is being NATted with the PAT IP.

Any ideas on how to get this to work?

Thanks,
Diego

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: static NAT with route map to exclude VPN

Hi,

The following example details exactly your case:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

Try replacing the 192.168.1.0 subnet by the host address.

It should work

HTH

Laurent.
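
The suggestion above applied to the configuration from the question, as an added example that is not part of the original thread or the linked Cisco document: ACL 130 is narrowed from the 192.168.1.0 subnet to the single statically translated host. The addresses, ACL number and route-map name are the ones in the question; the `show` commands in the comments are standard IOS checks added here.

```cisco
! Added example. Values taken from the question:
!   inside host 192.168.1.5, public address 1.1.1.1, VPN pool 10.1.1.0/24
!
! Remove the subnet-wide entries first so no stale lines remain in ACL 130.
no access-list 130
!
! Traffic from the static host to the VPN pool must NOT match the route map,
! so it is left untranslated and reaches VPN clients with its real address.
access-list 130 deny   ip host 192.168.1.5 10.1.1.0 0.0.0.255
! Everything else from that host matches and is translated to 1.1.1.1.
access-list 130 permit ip host 192.168.1.5 any
!
route-map nonat permit 10
 match ip address 130
!
ip nat inside source static 192.168.1.5 1.1.1.1 route-map nonat
!
! Checks to run from exec mode after applying the change:
!   show access-lists 130      (hit counters on the deny and permit lines)
!   show route-map nonat       (confirms the route map references ACL 130)
!   show ip nat translations   (192.168.1.5 should map to 1.1.1.1, not the PAT address)
```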

3 REPLIES
New Member

Re: static NAT with route map to exclude VPN

Thanks for the link.  Will try and let you know.

Rgds,

Diego

New Member

Re: static NAT with route map to exclude VPN

Got it working!  Thanks for the link.

Diego
