<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I usually see this in configs where ipsec is in use. Then, the
intention is that packets destined to go across the VPN tunnel are
excluded from NAT.<br>
<br>
Happy to discuss off-list.<br>
<br>
<br>
<div class="moz-cite-prefix">On 1/12/2013 2:32 PM, Jacob Bisby
wrote:<br>
</div>
<blockquote cite="mid:529AADBB.7060000@jdmnet.com.au" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi All<br>
<br>
Thanks for the help so far - it's now at the point where I feel
like this needs to go on-list though.<br>
<br>
The other's have so far helped me determine what the following
line of config is supposed to achieve:<br>
<br>
ip nat inside source static tcp PRIVATEADDRESS PRIVATEPORT
PUBLICADDRESS PUBLICPORT route-map AAPT extendable<br>
<br>
My initial question was what does the route-map statement
achieve? I have never seen it put at the end of a "port-forward"
before.<br>
<br>
In this case, that route-map matches against a specific WAN
interface, and an ACL that lists a whole bunch of
private-subnets as sources to "any". It was explained to me that
it's likely to be some form of destination based NAT but it has
us a little stumped still. However the route-map actually does
not look like it was designed specifically for this translation
at all and is used in other contexts through-out the
configuration.<br>
<br>
Normally I would drop the topic here, re-do the config my way
and be done with it. However, apparently Cisco TAC made this
configuration and I'm not too keen on assuming they've done
something wrong.<br>
<br>
My question is - at what point would a dedicated WAN interface
see (legitimate) inbound packets sourced from a private subnet?
Can anyone shed a little light on what this may possibly be
trying to achieve? I am limited in the configuration examples
that I can give so apologies in advance.<br>
<br>
Thanks<br>
<br>
- Jacob<br>
On 29/11/2013 4:44 PM, Jacob Bisby wrote:<br>
</div>
<blockquote cite="mid:529853EC.2080500@jdmnet.com.au" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<font size="-1"><font face="Arial">Hi All<br>
<br>
Looking for someone to ping me off-list - just need some
quick assistance / QA with some Cisco NAT / route-map
config, have found some config which I can't find any
documented examples of and I'm not entirely sure what it's
achieving.<br>
<br>
Thanks in advance<br>
<br>
- Jacob<br>
</font></font> <br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
</body>
</html>