[AusNOG] Assistance needed with Cisco NAT & Route-maps

Tim Sheahan sheahant at mytelecom.com.au
Sun Dec 1 15:38:16 EST 2013


I usually see this in configs where IPsec is in use. Then, the intention 
is that packets destined to go across the VPN tunnel are excluded from NAT.

Happy to discuss off-list.


On 1/12/2013 2:32 PM, Jacob Bisby wrote:
> Hi All
>
> Thanks for the help so far - it's now at the point where I feel like 
> this needs to go on-list though.
>
> The others have so far helped me determine what the following line of 
> config is supposed to achieve:
>
> ip nat inside source static tcp PRIVATEADDRESS PRIVATEPORT 
> PUBLICADDRESS PUBLICPORT route-map AAPT extendable
>
> My initial question was what does the route-map statement achieve? I 
> have never seen it put at the end of a "port-forward" before.
>
> In this case, that route-map matches against a specific WAN interface, 
> and an ACL that lists a whole bunch of private-subnets as sources to 
> "any". It was explained to me that it's likely to be some form of 
> destination-based NAT but it has us a little stumped still. However 
> the route-map actually does not look like it was designed specifically 
> for this translation at all and is used in other contexts throughout 
> the configuration.
>
> Normally I would drop the topic here, re-do the config my way and be 
> done with it. However, apparently Cisco TAC made this configuration 
> and I'm not too keen on assuming they've done something wrong.
>
> My question is - at what point would a dedicated WAN interface see 
> (legitimate) inbound packets sourced from a private subnet? Can anyone 
> shed a little light on what this may possibly be trying to achieve? I 
> am limited in the configuration examples that I can give so apologies 
> in advance.
>
> Thanks
>
> - Jacob
> On 29/11/2013 4:44 PM, Jacob Bisby wrote:
>> Hi All
>>
>> Looking for someone to ping me off-list - just need some quick 
>> assistance / QA with some Cisco NAT / route-map config, have found 
>> some config which I can't find any documented examples of and I'm not 
>> entirely sure what it's achieving.
>>
>> Thanks in advance
>>
>> - Jacob
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
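The pattern described in the reply above, sketched as an added example that is not part of the original thread or the poster's configuration: a static port-forward whose route-map exempts traffic bound for the IPsec tunnel from NAT. All addresses, the interface names, ACL 110 and the route-map name NONAT-VPN-DEMO are assumptions made for illustration.

```cisco
! Constructed example, not taken from the thread.
! Inside server: 10.1.1.10 on local LAN 10.1.1.0/24
! Remote site reached over the IPsec tunnel: 10.2.2.0/24
! Public address: 203.0.113.2 (documentation range)
!
interface GigabitEthernet0/0
 description LAN (hypothetical)
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description WAN (hypothetical)
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! ACL referenced by the route-map. For "ip nat inside source" the match is
! made on the inside-local packet, so the sources listed are private subnets.
!   deny   = leave the packet untranslated (traffic for the VPN peer subnet)
!   permit = apply the static translation (everything else)
access-list 110 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
!
! Both match clauses must be true: the ACL permits the packet and it is
! leaving through the named WAN interface.
route-map NONAT-VPN-DEMO permit 10
 match ip address 110
 match interface GigabitEthernet0/1
!
! Port-forward that is only applied when the route-map permits the packet.
ip nat inside source static tcp 10.1.1.10 443 203.0.113.2 443 route-map NONAT-VPN-DEMO extendable
```

Without the deny line, the server's replies to hosts in 10.2.2.0/24 would be rewritten to 203.0.113.2 before the crypto ACL is checked, so they would no longer match the tunnel's interesting-traffic definition. `show ip nat translations` lets you confirm which flows are actually being translated.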
