[rbak-nsp] Policy NAT

Илья Савин savin at orn.ru
Wed Aug 4 08:44:08 EDT 2010


Hi.

I've used this:

 ip nat pool pool192 napt multibind
  address 80.76.188.251 to 80.76.188.251
!
 nat policy office
! Default class
  ignore
! Named classes
  access-group for_nat
   class NAT
    pool pool192 office

 policy access-list for_nat
  seq 3 permit ip 192.168.188.0 0.0.0.255 80.76.188.0 0.0.0.255 class NONAT
  seq 4 permit ip 192.168.188.0 0.0.0.255 192.168.0.0 0.0.255.255 class NONAT
  seq 10 permit ip 192.168.188.0 0.0.0.255 any class NAT


Try to use this policy ACL:

 policy access-list for_nat
  seq 3 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255 class NONAT
  seq 10 permit ip 10.0.0.0 0.0.0.255 any class NAT


WBR, Ilya Savin.

2010/8/4 Vladislav Vasilev <vvasilev at vvasilev.net>

> Hello!
>
> I couldn't find a way to configure the following NAT scenario:
>
> 1. NO-NAT 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255
> 2. NAT 10.0.0.0 0.0.0.255 any
>
> I thought I would just add a deny statement for 1 before the permit
> statement for 2 in the policy access-list but this is not possible.
>
> Then I tried to go the opposite way:
>
> nat policy NAT_POLICY
> ! Default class
>  pool NAT_POOL INTERNET
> ! Named classes
>  access-group NO-NAT
>   class NO-NAT
>   ignore
>
> But then I am not able to define a policy access list for the default
> class.
>
> Any ideas?
>
> Thank you!
>
>
> Regards,
> V.Vasilev
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
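
Added example, not part of the original message and not vendor code: a small Python model of the for_nat policy ACL from the reply, useful for checking which class a given flow lands in before applying the config. It assumes entries are evaluated in ascending seq order with the first match deciding the class, and that unmatched traffic falls to the policy's default class; parse, classify and wild_match are hypothetical helper names.

```python
import ipaddress
import re

# Policy ACL from the message above (the wrapped "class NONAT" line joined).
POLICY_ACL = """\
seq 3 permit ip 192.168.188.0 0.0.0.255 80.76.188.0 0.0.0.255 class NONAT
seq 4 permit ip 192.168.188.0 0.0.0.255 192.168.0.0 0.0.255.255 class NONAT
seq 10 permit ip 192.168.188.0 0.0.0.255 any class NAT
"""

RULE_RE = re.compile(
    r"seq (\d+) permit ip (\S+) (\S+) (any|\S+ \S+) class (\S+)")


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse(text):
    """Return rules sorted by seq: (seq, src, src_wild, dst, dst_wild, class)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            continue
        seq, src, src_wild, dst_spec, cls = m.groups()
        # "any" is equivalent to address 0.0.0.0 with wildcard 255.255.255.255.
        dst, dst_wild = (("0.0.0.0", "255.255.255.255") if dst_spec == "any"
                         else dst_spec.split())
        rules.append((int(seq), to_int(src), to_int(src_wild),
                      to_int(dst), to_int(dst_wild), cls))
    return sorted(rules)


def wild_match(addr, base, wild):
    # Wildcard mask: bits set to 1 are "don't care", bits set to 0 must match.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)


def classify(rules, src, dst, default="default"):
    """Assumption: the first matching rule in ascending seq order wins."""
    s, d = to_int(src), to_int(dst)
    for _seq, rs, rsw, rd, rdw, cls in rules:
        if wild_match(s, rs, rsw) and wild_match(d, rd, rdw):
            return cls
    return default  # no entry matched: the policy's default class applies
```

Under these assumptions, moving the NAT entry to a lower seq than the NONAT entries makes it match first, so the exempted destinations would be translated as well.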