Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need help with NAT configs ASAP..

Hii all,

Grettings!!!

I have a query

I have configured NAT on a 2801 router for a pool of Private addresses to be Natted to Single Public address which is working fine.

My query is


I want to exclude only a " Single Private ip add " not to get Natted from the Private ip address pool and remaining all ip addresses of that pool to be Natted???


So can u pls help me with dis configs ASAP

Brgds.....

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Need help with NAT configs ASAP..

OK, so the server is already on public ip address, that is why you do not have static nat and do not need to PAT it, right?

If the above is right, I also assume that there is already route on the next hop router to route traffic towards 83.x.x.5 towards the router outside interface?

If the above is right, you can configure the deny as follows:

access-list 1 deny host 83.X.X.5

access-list 1 permit 83.X.X.0 0.0.0.255

6 REPLIES
Cisco Employee

Re: Need help with NAT configs ASAP..

I assume you are using access-list to permit the private ip addresses to be nated to public ip address. You can configure a deny statement for that particular private ip address, and it will not be nated.

Please make sure that the deny ACL is on top of the permit statement.

Hope that helps.

New Member

Re: Need help with NAT configs ASAP..

Thankx 4 ur reply

Yes am using an ACL to permit those private ip address to  be natted to public ip add.

But if i config a deny statement " Will I be able to reach that particular ip address thru internet bcoz that particular ip add is of a Server" ???

Awating ur prompt response...

Thanks & Brgds...

Cisco Employee

Re: Need help with NAT configs ASAP..

I assume if it is a server and needs to be accessible through the internet, then it should already have a static nat entry. If it already has a static nat entry, it won't be using the dynamic nat statement, because static nat takes precedence over dynamic nat.

If the above statement is correct, you don't have to deny the server ip address from being NATed as it will just use the static nat statement.

Can you share your NAT configuration and advise what is the server ip?

New Member

Re: Need help with NAT configs ASAP..

Pls find below the requested NAT configs


!

ip nat pool voice 212.X.X.X 212.X.X.X netmask 255.255.255.128
ip nat inside source list 1 pool voice overload

!
access-list 1 permit 83.X.X.0 0.0.0.255

And the server ip is 83.X.X.5..

Cisco Employee

Re: Need help with NAT configs ASAP..

OK, so the server is already on public ip address, that is why you do not have static nat and do not need to PAT it, right?

If the above is right, I also assume that there is already route on the next hop router to route traffic towards 83.x.x.5 towards the router outside interface?

If the above is right, you can configure the deny as follows:

access-list 1 deny host 83.X.X.5

access-list 1 permit 83.X.X.0 0.0.0.255

New Member

Re: Need help with NAT configs ASAP..

Thanx alot..Itz workin 5n nw..

607
Views
0
Helpful
6
Replies