[nsp] IP NAT question

Bruce Pinsky bep at whack.org
Tue Jun 8 15:59:37 EDT 2004


Eric Helm wrote:

| I have an odd situation that requires an inside host (192.168.110.2) on
| the Ethernet0 port be NATed to a public address on Ethernet1 port for
| internet access, but no NAT for other specific networks that reside on
| the E1 side of the router. Any good suggestions on how to accomplish this?
|
| NAT to the internet is easy enough, but how do I prevent the host from
| being NATed if the source or destination is one of the networks I
| specify on the E1 side?
|

Use an access-list which denies the destination networks on the E1 side and
permits all others like:

access-list 101 deny ip host 192.168.110.2 x.x.x.x <wildcard mask>
access-list 101 deny ip host 192.168.110.2 y.y.y.y <wildcard mask>
access-list 101 permit ip host 192.168.110.2 any

ip nat inside source list 101 <rest of the command>

--
=========
bep

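Added example, not part of the original post: a small Python model of how the router would evaluate an ACL of this shape when it is referenced by `ip nat inside source list 101`. Entries are checked top-down, the first match decides, and a packet that hits a deny (or the implicit deny at the end) is forwarded untranslated. The two exempt networks (10.10.0.0/16 and 172.16.20.0/24) and the test addresses are constructed placeholders standing in for x.x.x.x and y.y.y.y.

```python
import ipaddress

# Constructed ACL in the shape the reply suggests; the two exempt networks
# are placeholders for the x.x.x.x and y.y.y.y networks on the E1 side.
ACL_101 = """\
access-list 101 deny ip host 192.168.110.2 10.10.0.0 0.0.255.255
access-list 101 deny ip host 192.168.110.2 172.16.20.0 0.0.0.255
access-list 101 permit ip host 192.168.110.2 any
"""

def _take_addr(tokens):
    """Consume one IOS address spec; return (base, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue
        action, rest = tokens[2], tokens[4:]
        rules.append((action, _take_addr(rest), _take_addr(rest)))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # wildcard bit set to 1 means "don't care"
    return (addr & care) == (base & care)

def is_translated(rules, src, dst):
    """First matching entry decides; no match hits the implicit deny (no NAT)."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, src_spec, dst_spec in rules:
        if _matches(s, src_spec) and _matches(d, dst_spec):
            return action == "permit"
    return False

RULES = parse_acl(ACL_101)
```

If the permit line were placed first, every destination would match it and the two deny entries would never be reached, so the exemptions depend on the order shown.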

