How do you allow some addresses behind a Cisco NAT interface through without translation, while others are translated?
Posted on 2006-10-30
I have a Cisco 1750 router (soon to be a Cisco 2611) that is separating the networks of two corporate entities. The Ethernet interface connects to a VLAN on one corporate network (10.1.1.0 255.255.255.224) and the Serial interface connects via T1 to another series of corporate networks (192.168.10.0 255.255.255.0). The Ethernet interface has an IP address of 10.1.1.1 and the Serial interface has an IP of 192.168.10.1. I am running NAT on the router, with the Ethernet as the Outside interface and the Serial as the Inside interface. I overload the Ethernet interface with an ACL permitting access by hosts on the internal networks through the interface. I also have a few static NATs to certain host printers on the inside networks that are assigned IP addresses in the 10.1.1.2 - 10.1.1.10 range.
The problem: I need to allow a few host computers on the network directly connected to the Outside Ethernet interface to pass through the interface untranslated - no NAT at all. The hosts should be able to see everything as if NAT wasn't there. I'm sure that I need to use an extended ACL to get this done, but I'm unsure of the specific statements. Anyone care to give this one a shot? It would be much appreciated!