06-05-2007 06:00 AM
Is there a way to search or filter for a specific NAT translation instead of having to look through the whole list?
06-05-2007 06:16 AM
Hi,
Kindly use:
router#show ip nat translations | include x
Where x is the part of the line (ex: IP address) you want to filter with.
HTH, please do rate all helpful replies,
Mohammed Mahmoud.
06-05-2007 06:29 AM
Thanks so much. Another question:
I have found the IP address and I see a connection established to an external server. The problem is I have denied the IP address in the ACL from any outside connections.
Here is my ACL:
access-list 101 deny ip host 10.10.10.109 any
But the NAT translation shows an IPsec VPN NAT-T connection on port 4500.
How do I block this?
06-05-2007 06:41 AM
Hi,
You are always welcome :)
This issue is due to the NAT order of operation: the output access list is checked after the NAT is done. To solve this issue, put an input access list on the LAN interface to deny the traffic when it enters, before it is NATed.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
HTH, please do rate all helpful replies,
Mohammed Mahmoud.
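The fix described in the reply above, written out as an added configuration example that is not part of the original thread. The interface names, the assumption that ACL 101 was applied outbound on the WAN interface, and the trailing `permit ip any any` line are assumptions; the thread shows only the single deny line.

```cisco
! Assumed interfaces (not from the thread):
!   FastEthernet0/0 = LAN side, "ip nat inside"
!   FastEthernet0/1 = WAN side, "ip nat outside"
!
! --- Before (assumed): ACL 101 filters outbound on the WAN interface ---
! Inside-to-outside traffic is translated before the output ACL is checked,
! so the packet no longer carries source 10.10.10.109 and the deny never matches.
interface FastEthernet0/1
 ip nat outside
 ip access-group 101 out
!
! --- After: filter inbound on the LAN interface, before NAT ---
interface FastEthernet0/1
 no ip access-group 101 out
!
! The deny line is the one from the thread. The permit line is an assumption:
! without it the implicit deny at the end of the ACL drops all other LAN traffic.
access-list 101 deny ip host 10.10.10.109 any
access-list 101 permit ip any any
!
interface FastEthernet0/0
 ip nat inside
 ip access-group 101 in
!
! --- Verification from exec mode ---
! Match counters on the deny line should increase when the host sends traffic:
!   show access-lists 101
! The existing UDP 4500 entry ages out, or can be cleared explicitly:
!   clear ip nat translation *
! Confirm that no new entry is created for the host:
!   show ip nat translations | include 10.10.10.109
```

An inbound ACL on the LAN interface also filters packets addressed to the router itself, so with this deny line the host can no longer reach the router's LAN address either.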