I am playing with some basic IOS NAT and can't get it to work the way I want.

On my "inside" I have a client at 10.0.20.100. I want to hide that IP for outbound traffic. First I do it with a NAT pool, like this:

    interface FastEthernet0
     ip address 10.0.13.2 255.255.255.0
     ip nat enable
    interface FastEthernet1
     ip address 10.0.20.1 255.255.255.0
     ip nat enable
    ip access-list extended ACL_INSIDE_NAT
     permit ip 10.0.20.0 0.0.0.255 any
    ip nat pool MYNATPOOL 10.99.99.99 10.99.99.199 netmask 255.255.255.0 add-route
    ip nat source list ACL_INSIDE_NAT pool MYNATPOOL

All is fine and my client can access an outside web server, hidden behind a 10.99.99-address (after redistributing statics so that my outside network knows about the 10.99.99-network).

Then I want to modify it so that everything on 10.0.20.0/24 stays hidden behind that pool EXCEPT for my host .100. I add this:

    ip access-list extended ACL_INSIDE_NAT
     deny ip host 10.0.20.100 any
     permit ip 10.0.20.0 0.0.0.255 any

(Denying traffic from my host so that it is NOT NATed with my pool)

    r3(config)#ip nat source static 10.0.20.100 10.99.98.100
    r3(config)#
    *Jan 20 14:44:13.147: %Non-Static entry already exists

1) Why can't I do that? I can't see that my ip nat source pool conflicts with my ip nat source static.

2) How do I solve this?

3) How do I redistribute knowledge of this 10.99.98-address? I miss the ability to add "add-route" at the end of the ip nat source static line. If I am supposed to solve this with a static route in the config, what should I point the next hop to?

Br Jimmy

--
-------
Jimmy Larsson
Ryavagen 173
s-26030 Vallakra
Sweden
http://blogg.kvistofta.nu
-------
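Added example, not part of the original post: a small Python evaluator for the two ACL_INSIDE_NAT entries quoted above, showing how wildcard-mask matching, first-match ordering and the implicit deny decide which sources the `ip nat source list ... pool` rule selects. The function names and the reversed-order ACL are constructed for illustration, and only the `permit|deny ip <source> any` form used in the post is parsed.

```python
import ipaddress

# ACL entries in the order the post lists them.
ACL_AS_POSTED = [
    "deny ip host 10.0.20.100 any",
    "permit ip 10.0.20.0 0.0.0.255 any",
]
# Constructed for comparison: same entries, opposite order.
ACL_REVERSED = list(reversed(ACL_AS_POSTED))


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_ace(line):
    """Parse '<permit|deny> ip <source> any' into (action, address, wildcard)."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    if rest[0] == "host":            # host A  ==  A 0.0.0.0
        addr, wild, rest = rest[1], "0.0.0.0", rest[2:]
    elif rest[0] == "any":           # any  ==  0.0.0.0 255.255.255.255
        addr, wild, rest = "0.0.0.0", "255.255.255.255", rest[1:]
    else:                            # A WILDCARD
        addr, wild, rest = rest[0], rest[1], rest[2:]
    if rest != ["any"]:
        raise ValueError(f"only destination 'any' is handled: {line!r}")
    return action, _ip(addr), _ip(wild)


def acl_action(acl, source):
    """Return the action of the first matching entry, else the implicit deny."""
    src = _ip(source)
    for action, addr, wild in map(parse_ace, acl):
        care = ~wild & 0xFFFFFFFF    # wildcard bit 1 = ignore, 0 = must match
        if src & care == addr & care:
            return action
    return "deny"


def selected_for_pool(acl, source):
    """True if 'ip nat source list <acl> pool ...' would pick this source."""
    return acl_action(acl, source) == "permit"


if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("reversed", ACL_REVERSED)):
        for host in ("10.0.20.100", "10.0.20.50", "10.0.13.2"):
            print(f"{name:9} {host:12} pool={selected_for_pool(acl, host)}")
```

With the entries in the posted order, 10.0.20.100 is excluded from the pool rule while the rest of 10.0.20.0/24 is selected; with the order reversed, the broader permit matches first and the host entry is never reached.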
