IIRC when you use route-maps you should note that the NAT is
session-based (like with twice-NAT) with various consequences:
- you cannot make new connections into the inside global address
- without NAPT (PAT) you may use your pool addresses rather quicker than
  you envisaged
rgds
Marc


The Long and Winding Road wrote:
> 
> wrote in message news:[EMAIL PROTECTED]...
> > Is it possible to use extended ip access-lists for NATing. Basically I want
> > traffic from a particular subnet destined for a particular subnet only to be
> > NATed?? All other traffic should not be NATed.
> >
> 
> as a follow up - here is an excerpt from the link in the previous message:
> 
> Route Map Approach
> The correct way to configure the example in this document is to use route
> maps. With a route map approach, you would do the following to translate the
> hosts on 10.1.1.0:
> 
>      ip nat pool pool-108 131.108.2.1 131.108.2.254 prefix-length 24
>      ip nat pool pool-118 131.118.2.1 131.118.2.254 prefix-length 24
> 
>      ip nat inside source route-map MAP-108 pool pool-108
>      ip nat inside source route-map MAP-118 pool pool-118
> 
>      interface ethernet0
>        ip address 10.1.1.1 255.255.255.0
>        ip nat inside
>      interface ethernet1
>        ip address 10.1.2.1 255.255.255.0
>        ip nat outside
> 
>      access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
>      access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255
> 
>      route-map MAP-108 permit 10
>      match ip address 108
> 
>      route-map MAP-118 permit 10
>      match ip address 118
> 
> >
> > Cheers
> > Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59314&t=59287
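
An added example (not part of the thread or the quoted Cisco excerpt): a Python check that evaluates the quoted configuration with IOS wildcard-mask matching to show which pool, if any, a given source/destination pair is translated from. The function names are hypothetical, and it models only rule selection for `permit` clauses and `ip` ACL entries, not the translation table.

```python
import ipaddress

# Configuration from the quoted excerpt (NAT rules, ACLs and route-maps only).
CONFIG = """
ip nat inside source route-map MAP-108 pool pool-108
ip nat inside source route-map MAP-118 pool pool-118
access-list 108 permit ip 10.1.1.0 0.0.0.255 131.108.1.0 0.0.0.255
access-list 118 permit ip 10.1.1.0 0.0.0.255 131.118.1.0 0.0.0.255
route-map MAP-108 permit 10
 match ip address 108
route-map MAP-118 permit 10
 match ip address 118
"""

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return ((int(ipaddress.IPv4Address(addr)) ^ int(ipaddress.IPv4Address(base))) & care) == 0

def parse(config):
    nat_rules, acls, route_maps, current = [], {}, {}, None
    for tok in (line.split() for line in config.splitlines() if line.strip()):
        if tok[:5] == ["ip", "nat", "inside", "source", "route-map"]:
            nat_rules.append((tok[5], tok[7]))           # (route-map, pool)
        elif tok[0] == "access-list" and tok[3] == "ip":
            acls.setdefault(tok[1], []).append((tok[2], *tok[4:8]))
        elif tok[0] == "route-map":
            current = tok[1]                             # assumes "permit" clauses only
        elif tok[:3] == ["match", "ip", "address"]:
            route_maps.setdefault(current, []).append(tok[3])
    return nat_rules, acls, route_maps

def acl_permits(entries, src, dst):
    """First matching entry wins; no match is the implicit deny."""
    for action, s, sw, d, dw in entries:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

def select_pool(config, src, dst):
    """Return the pool used for a src->dst packet, or None if it is not translated."""
    nat_rules, acls, route_maps = parse(config)
    for rmap, pool in nat_rules:
        if any(acl_permits(acls.get(a, []), src, dst) for a in route_maps.get(rmap, [])):
            return pool
    return None
```

A `None` result corresponds to the "all other traffic should not be NATed" case in the original question: the packet matches neither route-map, so no translation is created for it.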