[rbak-nsp] Policy NAT
Илья Савин
savin at orn.ru
Wed Aug 4 08:44:08 EDT 2010
Hi.
I've used this:
ip nat pool pool192 napt multibind
address 80.76.188.251 to 80.76.188.251
!
nat policy office
! Default class
ignore
! Named classes
access-group for_nat
class NAT
pool pool192 office
policy access-list for_nat
seq 3 permit ip 192.168.188.0 0.0.0.255 80.76.188.0 0.0.0.255 class NONAT
seq 4 permit ip 192.168.188.0 0.0.0.255 192.168.0.0 0.0.255.255 class NONAT
seq 10 permit ip 192.168.188.0 0.0.0.255 any class NAT
Try to use this policy ACL:
policy access-list for_nat
seq 3 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255 class NONAT
seq 10 permit ip 10.0.0.0 0.0.0.255 any any class NAT
WBR, Ilya Savin.
2010/8/4 Vladislav Vasilev <vvasilev at vvasilev.net>
> Hello!
>
> I couldn't find a way to configure the following NAT scenario:
>
> 1. NO-NAT 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255
> 2. NAT 10.0.0.0 0.0.0.255 any
>
> I thought I would just add a deny statement for 1 before the permit
> statement for 2 in the policy access-list but this is not possible.
>
> Then I tried to go the opposite way:
>
> nat policy NAT_POLICY
> ! Default class
> pool NAT_POOL INTERNET
> ! Named classes
> access-group NO-NAT
> class NO-NAT
> ignore
>
> But then I am not able to define a policy access list for the default
> class.
>
> Any ideas?
>
> Thank you!
>
>
> Regards,
> V.Vasilev
>
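An added example, not part of the original thread or of any vendor tooling: a small Python model of how the suggested policy ACL classifies flows, plus a check for rules that an earlier rule fully covers. It assumes rules are evaluated in ascending seq order with the first match winning, and that class NONAT and the default class are both left untranslated (ignore); the helper names and the swapped rule set are constructed for illustration.

```python
import ipaddress

def _int(a):
    return int(ipaddress.IPv4Address(a))

def matches(addr, base, wildcard):
    care = ~_int(wildcard) & 0xFFFFFFFF  # wildcard bits set = "don't care"
    return (_int(addr) & care) == (_int(base) & care)

def covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    (ob, ow), (ib, iw) = outer, inner
    if _int(iw) & ~_int(ow) & 0xFFFFFFFF:
        return False  # inner ignores a bit that outer checks
    care = ~_int(ow) & 0xFFFFFFFF
    return (_int(ob) & care) == (_int(ib) & care)

ANY = ("0.0.0.0", "255.255.255.255")
SRC = ("10.0.0.0", "0.0.0.255")
# (seq, source, destination, class): the policy ACL suggested in the reply
FOR_NAT = [(3, SRC, ("20.0.0.0", "0.0.0.255"), "NONAT"), (10, SRC, ANY, "NAT")]
# Constructed counter-example: same rules with the sequence numbers swapped
SWAPPED = [(3, SRC, ANY, "NAT"), (10, SRC, ("20.0.0.0", "0.0.0.255"), "NONAT")]
# Assumption: NAT translates from the pool; NONAT and unmatched traffic are ignored
ACTIONS = {"NAT": "translate", "NONAT": "ignore", None: "ignore"}

def classify(acl, src, dst):
    """First matching rule in ascending seq order wins (assumed semantics)."""
    for seq, s, d, cls in sorted(acl):
        if matches(src, *s) and matches(dst, *d):
            return seq, cls
    return None, None

def nat_action(acl, src, dst):
    return ACTIONS[classify(acl, src, dst)[1]]

def shadowed(acl):
    """Seq numbers of rules fully covered by an earlier rule (never reached)."""
    rules = sorted(acl)
    return [r[0] for i, r in enumerate(rules)
            if any(covers(e[1], r[1]) and covers(e[2], r[2]) for e in rules[:i])]

if __name__ == "__main__":
    for name, acl in (("for_nat", FOR_NAT), ("swapped", SWAPPED)):
        print(name, nat_action(acl, "10.0.0.5", "20.0.0.9"), shadowed(acl))
```

With the sequence numbers swapped, the NONAT rule is reported as shadowed and the 10.0.0.0/24 to 20.0.0.0/24 flow is translated, which is why the exemption has to carry the lower seq.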