Static NAT except for traffic from a certain subnet

I have a router that has a public IP address on its serial interface. I have a device on the private side that needs to have connections to the public IP address translated to it for port 1720 (H323) traffic.

However, I need to have traffic to port 1720 from a specific subnet not be translated so that the router can handle incoming H323 calls from our Callmanager system.

Is there a way to do this? The current NAT configuration is below:

ip nat inside source static tcp 10.40.0.49 1720 interface Serial0/0 1720
ip nat inside source route-map nonat interface Serial0/0 overload
!
access-list 102 deny ip 10.40.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 deny ip 10.20.0.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 10.40.0.0 0.0.0.255 any
access-list 102 permit ip 10.20.0.0 0.0.0.255 any
!
route-map nonat permit 102
 match ip address 102

3 REPLIES

Re: Static NAT except for traffic from a certain subnet

Your config looks OK. What's the problem with it?

Also, you might use a normal ACL blocking traffic based on source, destination and port number! Just an idea: if you can block, try an ACL and apply it on the right interface with the right direction as well.

Keep in mind you need permit ip any any at the end of the ACL because every ACL contains an implicit deny.

good luck

if helpful Rate

Re: Static NAT except for traffic from a certain subnet

The connections, even from our Callmanager subnet, are still being NAT'd to the inside address for port 1720.

Re: Static NAT except for traffic from a certain subnet

Do you have any other public addresses available for use instead of just the serial interface? Usually the provider will give you a small block to use. You can then have a static NAT dedicated to the system you want to have natted. Then no other traffic would be affected.
