Solved

SNAT exemption

Posted on 2011-03-03
3
626 Views
Last Modified: 2012-05-11
Hi guys, I am using SNAT on a cisco router to accommodate HSRP redundancy.

My config is:

ip nat pool SNATp 10.220.128.2 10.220.128.2 netmask 255.255.255.248
ip nat inside source route-map SNAT pool SNATp mapping-id 50 overload

On the standby HSRP router, I cannot communicate with the primary as the primary holds the .2 ip address, and due to the SNAT config, any traffic leaving the standby will also have the .2 address. How can I ensure that SNAT is exempt or ignored when .4 talks to .2 and .3 and .3 talks to .2 and .4

Hope that makes sense.
0
Comment
Question by:xyznetworks
  • 2
3 Comments
 
LVL 22

Accepted Solution

by:
Matt V earned 500 total points
ID: 35036724
You should be able to do a deny in your route map for the IPs you do not want to SNAT.
0
 
LVL 22

Expert Comment

by:Matt V
ID: 35036856
In your access list for the route-map match statement, put a deny statement first to deny the IPs you do NOT want SNATed.
0
 

Author Closing Comment

by:xyznetworks
ID: 35090354
Yep this is what I did and it worked, thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now