simple commands to remove dynamic Nat on cisco

Lowell Switzer
I created a dynamic NAT and all went well, except that I needed one of the static routes I removed. So I need to remove the dynamic and recreate a static and dynamic.
Lowell Switzer, CTO / Systems Engineer

Author

Commented:
This is what I want to remove then redo

no ip http server
ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0
ip nat inside source list 100 pool MYPOOL100 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
snmp-server community public RO
Ernie Beek, Senior infrastructure engineer
Top Expert 2012
Commented:
To remove a line, just enter a no in front, like:
no ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0
That should do the trick.
Top Expert 2007

Commented:
You don't have to remove your existing dynamic NAT in order to add a static NAT.
Let your dynamic pool exist.

Let's say that you want to do a static NAT for 192.168.1.75, then first exempt it from your existing dynamic NAT by adding the following entry

access-list 100 line 1 deny ip host 192.168.1.75 any

Then your Dyn NAT ACL should look like this


access-list 100 deny ip host 192.168.1.75 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

Then add your static NAT as

ip nat inside source static 192.168.1.75 192.168.95.x

Then your NAT entries should look like this

ip nat inside source list 100 pool MYPOOL100 overload
ip nat inside source static 192.168.1.75 192.168.95.x

If you want port-forwarding functionality from outside, remove 192.168.95.x from MYPOOL's range
Lowell Switzer, CTO / Systems Engineer

Author

Commented:
What is a simple example for removing 192.168.95.x from MYPOOL's range?
Lowell Switzer, CTO / Systems Engineer

Author

Commented:
Hello MrHusy,

I tried the remove deny command and received this:

access-list 100 line 1 deny ip host 192.168.1.152 any
                                  ^
% Invalid input detected at '^' marker

Thanks for your help.
Ernie Beek, Senior infrastructure engineer
Top Expert 2012

Commented:
You need to split the pool for that:

no ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0
ip nat pool MYPOOL100 prefix-length 24
 address 192.168.95.2 192.168.95.4
 address 192.168.95.6 192.168.95.15
Lowell Switzer, CTO / Systems Engineer

Author

Commented:
I just want to remove the 192.168.95.2; what is the best or cleanest way?
Top Expert 2007
Commented:
Issue the following commands in their "respective order!", where x is the IP in your inside

no ip nat inside source list 100 pool MYPOOL100 overload
no ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0
ip nat pool MYPOOL100 192.168.95.3 192.168.95.15 netmask 255.255.255.0

no access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny ip host 192.168.1.x any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 100 pool MYPOOL100 overload
ip nat inside source static 192.168.1.x 192.168.95.2

do clear xlate
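
A way to check a saved configuration for the two conditions the answers above call for, as an added example that is not part of the original thread: the static NAT's translated address must be outside every dynamic pool range, and the NAT ACL must deny the static host before its permit line. The two sample configurations are constructed from the thread's commands, with 192.168.1.75 standing in for the elided host, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the thread's original pool with a static NAT added on top of it.
BEFORE = """\
ip nat pool MYPOOL100 192.168.95.2 192.168.95.15 netmask 255.255.255.0
ip nat inside source list 100 pool MYPOOL100 overload
ip nat inside source static 192.168.1.75 192.168.95.2
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
"""
# Constructed sample: the same device after the command sequence given in the thread.
AFTER = """\
ip nat pool MYPOOL100 192.168.95.3 192.168.95.15 netmask 255.255.255.0
ip nat inside source list 100 pool MYPOOL100 overload
ip nat inside source static 192.168.1.75 192.168.95.2
access-list 100 deny ip host 192.168.1.75 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def pool_ranges(config):
    """(start, end) of every pool range: one-line pools and 'address' sub-lines."""
    pat = rf"^(?:ip nat pool \S+|[ \t]+address) {IP} {IP}"
    return [(ipaddress.ip_address(s), ipaddress.ip_address(e))
            for s, e in re.findall(pat, config, re.M)]

def acl_action(config, acl, host):
    """Action of the first 'ip <source> any' entry in the ACL that matches host."""
    pat = rf"^access-list {acl} (permit|deny) ip (?:host {IP}|{IP} {IP}) any"
    for action, single, base, wild in re.findall(pat, config, re.M):
        if single:  # 'host a.b.c.d' is the same as 'a.b.c.d 0.0.0.0'
            base, wild = single, "0.0.0.0"
        base, wild = (int(ipaddress.ip_address(x)) for x in (base, wild))
        if (int(host) ^ base) & ~wild == 0:  # bits that are 0 in the wildcard must match
            return action
    return "deny"  # implicit deny at the end of every ACL

def audit_nat(config):
    """Return findings where a static NAT still collides with dynamic NAT."""
    findings = []
    acls = re.findall(r"^ip nat inside source list (\d+) pool", config, re.M)
    statics = re.findall(rf"^ip nat inside source static {IP} {IP}", config, re.M)
    for local, mapped in statics:
        local, mapped = ipaddress.ip_address(local), ipaddress.ip_address(mapped)
        if any(lo <= mapped <= hi for lo, hi in pool_ranges(config)):
            findings.append(f"{mapped} is both a static mapping and a pool address")
        findings += [f"ACL {a} sends {local} to dynamic NAT before any deny"
                     for a in acls if acl_action(config, a, local) == "permit"]
    return findings
```

`audit_nat(BEFORE)` returns two findings and `audit_nat(AFTER)` returns an empty list; `pool_ranges` also reads the split-pool form with `address` lines shown earlier in the thread.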
Lowell Switzer, CTO / Systems Engineer

Author

Commented:
Thanks,

I understand the commands and I will run them about 6pm and will reply then.

Thanks again.
Lowell Switzer, CTO / Systems Engineer

Author

Commented:
I had to run everything now because of conflicts. Everything looks like it went fine except the last command:

do clear xlate
               ^
% Invalid input detected at '^' marker

Top Expert 2007

Commented:
If do clear xlate is not working, then simply issue clear xlate.
This command is used for clearing existing NAT connections and establishing new ones conforming to the new settings.
Lowell Switzer, CTO / Systems Engineer

Author

Commented:
Because of the way I asked the question, Erniebeek was corrected, and because I had been working with MrHusy on the prior question, he actually knew or had a better solution for me.

Thanks to the both of you.
Ernie Beek, Senior infrastructure engineer
Top Expert 2012

Commented:
You can't beat that extra knowledge ;)
Thx for the points.