[AusNOG] Assistance needed with Cisco NAT & Route-maps
Jacob Bisby
ausnog at jdmnet.com.au
Sun Dec 1 14:32:11 EST 2013
Hi All
Thanks for the help so far - it's now at the point where I feel like
this needs to go on-list though.
The other's have so far helped me determine what the following line of
config is supposed to achieve:
ip nat inside source static tcp PRIVATEADDRESS PRIVATEPORT PUBLICADDRESS
PUBLICPORT route-map AAPT extendable
My initial question was what does the route-map statement achieve? I
have never seen it put at the end of a "port-forward" before.
In this case, that route-map matches against a specific WAN interface,
and an ACL that lists a whole bunch of private-subnets as sources to
"any". It was explained to me that it's likely to be some form of
destination based NAT but it has us a little stumped still. However the
route-map actually does not look like it was designed specifically for
this translation at all and is used in other contexts through-out the
configuration.
Normally I would drop the topic here, re-do the config my way and be
done with it. However, apparently Cisco TAC made this configuration and
I'm not too keen on assuming they've done something wrong.
My question is - at what point would a dedicated WAN interface see
(legitimate) inbound packets sourced from a private subnet? Can anyone
shed a little light on what this may possibly be trying to achieve? I am
limited in the configuration examples that I can give so apologies in
advance.
Thanks
- Jacob
On 29/11/2013 4:44 PM, Jacob Bisby wrote:
> Hi All
>
> Looking for someone to ping me off-list - just need some quick
> assistance / QA with some Cisco NAT / route-map config, have found
> some config which I can't find any documented examples of and I'm not
> entirely sure what it's achieving.
>
> Thanks in advance
>
> - Jacob
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20131201/b4ec1f5e/attachment.html>
More information about the AusNOG
mailing list