IIRC NAT occurs after routing, therefore if traffic is simply routed between inside interfaces, it should never be NATed.

You could, however, always do something like this in the ACL which decides what traffic is NATed:

    ip nat inside source list 100 interface WAN overload
    !
    access-list 100 deny ip 192.168.0.0 0.0.255.255 10.0.0.0 0.0.0.255
    access-list 100 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    access-list 100 permit ip 192.168.0.0 0.0.255.255 any

where 192.168.0.0/16 encapsulates your private networks, and 10.0.0.0/24 is your DMZ - for example.

Tom

----- Original Message -----
From: "Gert Doering" <[EMAIL PROTECTED]>
To: "Sridhar Ayengar" <[EMAIL PROTECTED]>
Cc: "Cisco NSPs" <[email protected]>
Sent: Friday, June 29, 2007 6:52 PM
Subject: Re: [c-nsp] NAT Question

> Hi,
>
> On Fri, Jun 29, 2007 at 05:06:42AM -0400, Sridhar Ayengar wrote:
> > What I can't figure out is how to configure the network for the servers.
>
> Make them "neither inside nor outside" - then packets will never be NATted
> coming from this interface, or going towards it.
>
> This is the cool thing about the classic IOS NAT - you can do things like this.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany [EMAIL PROTECTED]
> fax: +49-89-35655025 [EMAIL PROTECTED]
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
