[AusNOG] Assistance needed with Cisco NAT & Route-maps

PRK ausnog at digitaljunkie.net
Sun Dec 1 15:53:52 EST 2013


 

Is this what you're looking for? 

https://supportforums.cisco.com/docs/DOC-5061 

It looks like the route-map is used to refer to an ACL to permit or deny
specific traffic from matching the static NAT rule. 

Is your route-map in question a simple one stanza which matches an ACL? 

Or does it have multiple stanzas / match multiple ACLs / take actions
(e.g. set next-hops, etc.)? 

prk. 

On 2013-12-01 14:32, Jacob Bisby wrote: 

> Hi All
> 
> Thanks for the help so far - it's now at the point where I feel like this needs to go on-list though.
> 
> The others have so far helped me determine what the following line of config is supposed to achieve:
> 
> ip nat inside source static tcp PRIVATEADDRESS PRIVATEPORT PUBLICADDRESS PUBLICPORT route-map AAPT extendable
> 
> My initial question was what does the route-map statement achieve? I have never seen it put at the end of a "port-forward" before.
> 
> In this case, that route-map matches against a specific WAN interface, and an ACL that lists a whole bunch of private subnets as sources to "any". It was explained to me that it's likely to be some form of destination-based NAT, but it has us a little stumped still. However, the route-map actually does not look like it was designed specifically for this translation at all and is used in other contexts throughout the configuration.
> 
> Normally I would drop the topic here, re-do the config my way and be done with it. However, apparently Cisco TAC made this configuration and I'm not too keen on assuming they've done something wrong.
> 
> My question is - at what point would a dedicated WAN interface see (legitimate) inbound packets sourced from a private subnet? Can anyone shed a little light on what this may possibly be trying to achieve? I am limited in the configuration examples that I can give so apologies in advance.
> 
> Thanks
> 
> - Jacob
> 
> On 29/11/2013 4:44 PM, Jacob Bisby wrote: 
> 
>> Hi All
>> 
>> Looking for someone to ping me off-list - just need some quick assistance / QA with some Cisco NAT / route-map config, have found some config which I can't find any documented examples of and I'm not entirely sure what it's achieving.
>> 
>> Thanks in advance
>> 
>> - Jacob
>> 
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog