[nsp] IP NAT question
Bruce Pinsky
bep at whack.org
Tue Jun 8 15:59:37 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eric Helm wrote:
| I have an odd situation that requires an inside host (192.168.110.2) on
| the Ethernet0 port be NATed to a public address on Ethernet1 port for
| internet access, but no NAT for other specific networks that reside on
| the E1 side of the router. Any good suggestions on how to accomplish this?
|
| NAT to the internet is easy enough, but how do I prevent the host from
| being NATed if the source or destination is one of the networks I
| specify on the E1 side?
|
Use an access-list which denies the destination networks on the E1 side and
permits all others like:
access-list 101 deny ip 192.168.110.2 x.x.x.x
access-list 101 deny ip 192.168.110.2 y.y.y.y
access-list 101 permit ip 192.168.110.2 any
ip nat inside source list 101 <rest of the command>
- --
=========
bep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)
iD8DBQFAxhqoE1XcgMgrtyYRAsRWAKCct7UXY6up2Zkfz5pVwSF4ogu1+ACcDFrB
TIBNFQ4pxv3hcj3gjg/KvHY=
=J8J3
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list