Hi,
This is an example where I have used only an ACL directly with NAT
Extended IP access list Internet-Access
10 deny ip 10.4.1.0 0.0.0.255 10.0.0.0 0.255.255.255 (19024 matches)
20 deny ip 10.4.0.0 0.0.255.255 10.0.0.0 0.255.255.255 (4 matches)
30 deny ip 10.4.0.0 0.0.255.255 192.168.0.0 0.0.255.255 (50490 matches)
40 deny ip 10.4.1.0 0.0.0.255 192.168.0.0 0.0.255.255
50 deny ip 10.4.0.0 0.0.255.255 10.250.50.0 0.0.0.255
60 deny ip 10.4.0.0 0.0.255.255 10.251.50.0 0.0.0.255
70 permit ip 10.4.1.0 0.0.0.255 any (1019086 matches)
80 permit ip host 10.4.6.1 any
ip nat inside source list Internet-Access interface FastEthernet0/1 overload
If you want to use route-map I am not sure but you can try the following:
Keep the denies/permits in the ACL, and keep the route-map logic as permit
and attach the ACL, and then attach the route-map to the nat statement as
you have done.
Best Regards,
On Wed, Aug 18, 2010 at 9:16 PM, Edward John
<edwardjohn2020_at_googlemail.com>wrote:
> Shiran,
>
> I am using extended acl, where I want to prevent NATting, from host
> 10.1.8.8 to other vpn destinations.
> I need NAT to be happened for the source ip 10.1.8.8 to other than vpn
> destination..
>
> Am I missing anything here?
>
> Rgds,
> John
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- KJ Blogs and organic groups at http://www.ccie.netReceived on Wed Aug 18 2010 - 21:30:57 ART
This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART