[c-nsp] policy and static nat mix?

Peter Serwe peter.serwe at gmail.com
Fri Jan 7 14:24:59 EST 2011


Right, it's inside to outside.  I don't care about outside to inside so
much.

I have global, but it's not being used because there's a static.

I guess I need to figure out how to exclude this particular subnet from the
existing static that's catching everything.

Peter

On Fri, Jan 7, 2011 at 10:58 AM, Ryan West <rwest at zyedge.com> wrote:

> On Jan 7, 2011, at 2:10 AM, Peter Serwe <peter.serwe at gmail.com> wrote:
>
> > I've got static NATs set up for a network IP, and I want to NAT to a
> > different IP for a particular outside subnet specified in an ACL.
> >
> > That IP is already statically NAT'd to another device.
> >
> > I've got the ACL crafted, but I'm unclear how to tie it to the outside I
> > want to tie it to.
> >
> > Just to add to the complexity, that IP is already statically NAT'd to
> > another inside address, but on a different inside interface.
> >
> > Inbound traffic (initiated from the outside) isn't a huge concern, although
> > I'd like to do it for that subnet if possible; inbound return traffic
> > should map back through the NAT (I think).
> >
> > I can't seem to figure out how I can keep both static NATs but for one /29,
> > specifically NAT to a different IP on the outside interface.
> >
>
> If I understand correctly, you’ll need a policy NAT ACL that references
> your internal host to that outside subnet.  Then configure a static NAT
> with the public address you want it to translate followed by the
> access-list keyword and NAT ACL.
>
> http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml
>
> If you need inside to outside translations to be different, dynamic NAT
> will work for that.
>
> -ryan
>



-- 
Peter Serwe
http://truthlightway.blogspot.com/

