NAT and any statement

Unanswered Question
Sep 24th, 2007
Hello everybody,

I have many networks that I need to NAT.

I don't know exactly what these networks are, so I tried to NAT with an 'any' statement in my ACL.

But it doesn't work (http://www.cisco.com/warp/public/556/nat-faq.html#qa39).


So I am looking to do this by using a route-map with a 'match interface' condition.

Has anybody tried this before?


interface GigabitEthernet 0/0
 ip nat inside
interface GigabitEthernet 0/1
 ip nat outside

route-map NATme permit 10
 match interface GigabitEthernet 0/0

ip nat pool NAT-pool 10.10.10.0 10.10.10.7 prefix-length 29 type rotary

ip nat inside source route-map NATme pool NAT-pool

Thanks!

ohassairi Mon, 09/24/2007 - 03:55

If you don't know the origin of the packet, just use an open ACL: access-list 1 permit any any.

But: be sure g0/0 and 0/1 are L3 and you have a static route that routes the traffic through g0/1.

paolo bevilacqua Mon, 09/24/2007 - 11:07

Hi, as mentioned by the poster and documented in the link above, access-list any is not to be used with NAT, and in fact I found that for source it causes problems.

paolo bevilacqua Mon, 09/24/2007 - 10:57

Try using a list with a permit for ip 0.0.0.0 255.255.255.255.

benoit.lecompt Tue, 09/25/2007 - 01:10
Yes, but it will become an any any statement:

ip access-list standard 10
 permit 0.0.0.0 255.255.255.255

s ip access-lists 10
Standard IP access list 10
    permit any

:(

paolo bevilacqua Tue, 09/25/2007 - 02:00

Well, have you tried? Let us know.

paolo bevilacqua Sat, 10/13/2007 - 02:41

Now try to telnet to the router from outside to the outside interface. If it works, you are ok.

Inability to do so is the 'unexpected behavior' mentioned.
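
An added example, not part of the thread: a small Python audit that scans an IOS configuration for `ip nat inside source` rules whose ACL, referenced directly or through a route-map's `match ip address`, contains the `permit any` entry discussed above (including the 0.0.0.0 255.255.255.255 form that IOS stores as `any`). The sample configuration is constructed, the function name is hypothetical, and the parser assumes `show running-config` indentation.

```python
import re

# Constructed sample in "show running-config" layout (not from the thread).
SAMPLE_CONFIG = """\
ip access-list standard 10
 permit 0.0.0.0 255.255.255.255
access-list 20 permit 192.168.1.0 0.0.0.255
ip access-list extended NAT-ALL
 permit ip any any
route-map NATme permit 10
 match ip address 20
route-map NATall permit 10
 match ip address NAT-ALL
ip nat inside source list 10 pool NAT-pool
ip nat inside source route-map NATme pool NAT-pool
ip nat inside source route-map NATall pool NAT-pool
"""

# "permit any", its 0.0.0.0 255.255.255.255 spelling, or extended "permit ip any any".
OPEN = re.compile(r"permit\s+(any|0\.0\.0\.0\s+255\.255\.255\.255|ip\s+any\s+any)(\s|$)")
HEADERS = [("acl", re.compile(r"ip access-list \w+ (\S+)")),
           ("rmap", re.compile(r"route-map (\S+) "))]

def find_open_nat_rules(config):
    """Return NAT source rules whose ACL (direct or via route-map) permits any."""
    acls, rmaps, rules, ctx = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace():                 # sub-command of the current block
            if ctx and ctx[0] == "acl":
                acls.setdefault(ctx[1], []).append(line)
            elif ctx and (m := re.match(r"match ip address (.+)", line)):
                rmaps.setdefault(ctx[1], []).extend(m.group(1).split())
            continue
        ctx = None                            # a top-level line closes the block
        for kind, rx in HEADERS:
            if m := rx.match(line):
                ctx = (kind, m.group(1))
        if m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"ip nat inside source (list|route-map) (\S+)", line):
            rules.append((line, m.group(1), m.group(2)))

    def is_open(acl):
        return any(OPEN.match(entry) for entry in acls.get(acl, []))

    return [line for line, kind, name in rules
            if any(is_open(a) for a in ([name] if kind == "list" else rmaps.get(name, [])))]
```

A route-map that uses only `match interface`, as in the original question, references no ACL and is therefore not flagged by this check.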
