[nsp] IP NAT question
info at beprojects.com
info at beprojects.com
Tue Jun 8 16:11:27 EDT 2004
Something like this should do it. Basically you are saying if you match the
route-map (which matches the acl), don't nat, otherwise do nat.
route-map NONATSTATIC permit 10
match address 100
access-list 100 deny ip host 192.168.110.2 172.16.0.0 0.0.255.255
access-list 100 deny ip host 192.168.110.2 172.17.0.0 0.0.255.255
access-list 100 permit ip host 192.168.110.2 any
ip nat inside source static 192.168.110.2 1.1.1.1 route-map NONATSTATIC
----- Original Message -----
From: "Eric Helm" <helmwork at ruraltel.net>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, June 08, 2004 2:53 PM
Subject: [nsp] IP NAT question
> I have an odd situation that requires an inside host (192.168.110.2) on
> the Ethernet0 port be NATed to a public address on Ethernet1 port for
> internet access, but no NAT for other specific networks that reside on
> the E1 side of the router. Any good suggestions on how to accomplish this?
>
> NAT to the internet is easy enough, but how do I prevent the host from
> being NATed if the source or destination is one of the networks I
> specify on the E1 side?
>
> Thanks,
> /Eric
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list