Lowell Switzer
asked on
Simple commands to remove dynamic NAT on Cisco
I created a dynamic NAT and all went well, except that I needed one of the static routes I removed. So I need to remove the dynamic and recreate a static and dynamic.
SOLUTION
You don't have to remove your existing dynamic NAT in order to add a static NAT.
Let your dynamic pool exist.
Let's say that you want to do a static NAT for 192.168.1.75; then first exempt it from your existing dynamic NAT by adding the following entry:
access-list 100 line 1 deny ip host 192.168.1.75 any
Then your Dyn NAT ACL should look like this
access-list 100 deny ip host 192.168.1.75 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
Then add your static NAT as
ip nat inside source static 192.168.1.75 192.168.95.x
Then your NAT entries should look like this
ip nat inside source list 100 pool MYPOOL100 overload
ip nat inside source static 192.168.1.75 192.168.95.x
If you want port-forwarding functionality from outside, remove 192.168.95.x from MYPOOL's range
ASKER
What is a simple example for removing 192.168.95.x from MYPOOL's range?
ASKER
Hello MrHusy,
I tried the remove deny command and received this:
access-list 100 line 1 deny ip host 192.168.1.152 any
^
% Invalid input detected at '^' marker
thanks for your help
You need to split the pool for that:
no ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0
ip nat pool MYPOOL100 prefix-length 24
address 192.168.95.2 192.168.95.4
address 192.168.95.6 192.168.95.15
ASKER
I just want to remove the 192.168.95.2, what is the best or cleanest way.
ASKER CERTIFIED SOLUTION
ASKER
Thanks,
I understand the commands and I will run them about 6pm and will reply then.
Thanks again.
ASKER
I had to run everything now - cause of conflicts, everything looks like it went fine except the last command
do clear xlate
^
% Invalid input detected at '^' marker
If do clear xlate is not working, then simply issue clear xlate.
This command is used for clearing existing NAT connections and establishing new ones conforming to the new settings.
ASKER
Because of the way I asked the question Erniebeek was corrected, and because I had been working with MrHusy on the prior question he actually knew or had a better solution for me.
Thanks to the both of you.
You can't beat that extra knowledge ;)
Thx for the points.
ASKER
no ip http server
ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0
ip nat inside source list 100 pool MYPOOL100 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
snmp-server community public RO
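Added example, not part of the thread: a Python check for the two conditions the answers above describe, namely that the static host is exempted from the dynamic NAT ACL and that its outside address has been taken out of the pool. The sample configs are constructed, 192.168.95.5 is an assumed value standing in for the thread's 192.168.95.x, and the parser only covers the command forms shown on this page.

```python
import re
from ipaddress import ip_address as ip

def parse(config):
    """Parse the NAT-related lines of an IOS-style config (only the forms used in this thread)."""
    pools, statics, dynamics, acls, current = {}, [], [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip nat pool (\S+) (\S+) (\S+) (?:netmask|prefix-length) \S+$", line):
            pools.setdefault(m[1], []).append((ip(m[2]), ip(m[3])))
        elif m := re.match(r"ip nat pool (\S+) (?:netmask|prefix-length) \S+$", line):
            current = m[1]  # split pool: "address" sub-commands follow
        elif (m := re.match(r"address (\S+) (\S+)$", line)) and current:
            pools.setdefault(current, []).append((ip(m[1]), ip(m[2])))
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)$", line):
            statics.append((ip(m[1]), ip(m[2])))
        elif m := re.match(r"ip nat inside source list (\S+) pool (\S+)", line):
            dynamics.append((m[1], m[2]))
        elif m := re.match(r"access-list (\S+) (permit|deny) ip (?:host (\S+)|(\S+) (\S+)) any$", line):
            acls.setdefault(m[1], []).append((m[2], ip(m[3] or m[4]), int(ip(m[5] or "0.0.0.0"))))
    return pools, statics, dynamics, acls

def acl_permits(entries, host):
    """First-match evaluation of the source address; implicit deny at the end."""
    for action, net, wildcard in entries:
        if ((int(host) ^ int(net)) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def audit(config):
    """Return findings for static NAT entries that still collide with dynamic NAT."""
    pools, statics, dynamics, acls = parse(config)
    findings = []
    for local, global_ in statics:
        for acl, pool in dynamics:
            if acl_permits(acls.get(acl, []), local):
                findings.append(f"{local} still matches dynamic NAT ACL {acl}")
            if any(lo <= global_ <= hi for lo, hi in pools.get(pool, [])):
                findings.append(f"{global_} is still inside pool {pool}")
    return findings

# Constructed sample configs: static NAT added without, then with, the exemption and pool split
RULES = ("ip nat inside source list 100 pool MYPOOL100 overload\n"
         "ip nat inside source static 192.168.1.75 192.168.95.5\n"
         "access-list 100 permit ip 192.168.1.0 0.0.0.255 any\n")
BEFORE = "ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0\n" + RULES
AFTER = ("ip nat pool MYPOOL100 prefix-length 24\n"
         " address 192.168.95.2 192.168.95.4\n address 192.168.95.6 192.168.95.15\n"
         "access-list 100 deny ip host 192.168.1.75 any\n" + RULES)
```

`audit(BEFORE)` reports both collisions, while `audit(AFTER)` returns an empty list because the deny entry precedes the permit and the pool ranges skip the static address.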