
831 config - port forwarding all but IPv6 (protocol 41)

owen914914
Level 1

Hi,

I have an 831 on an Internet connection with a single static IP and running NAT. I'm trying to configure it to terminate an IPv6 tunnel and then port forward all other incoming traffic to a specific internal host. I've tried:

ip nat inside source static 192.168.0.2 <external ip>

..and this forwards everything internally to 192.168.0.2 but the problem is that it also forwards the protocol 41 packets right through so the tunnel defined on the 831 doesn't even see them. I need to forward a ton of TCP ports as well as IPSec traffic so I'm trying to avoid a bunch of individual statements like this:

ip nat inside source static tcp 192.168.0.1 80 <external ip> 80

Does anyone know if this is possible? Can I somehow tell it to ignore the static NAT rule if the traffic is protocol 41? Or if the source address is the IPv6 tunnel endpoint?

Thanks,

Owen

1 Reply

hennigan
Level 1

Use an extended access-list to deny protocol 41, then either reference that list in your NAT statement or in a route-map.

ip access-list extended no-ipv6
 deny 41 any any
 permit ip any any

--or--

ip access-list extended no-ipv6-host
 deny 41 host 192.168.0.1 host
 permit ip host 192.168.0.1 host

Or just deny the tunnel endpoint by host address for all protocols.
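How the first list in the reply above sorts traffic, as an added example that is not part of the original thread and is not IOS code: it models only first-match evaluation on the IPv4 protocol field, where protocol 41 is IPv6-in-IPv4 and 50 is ESP. The addresses are constructed documentation-range values, and `make_header` and `evaluate` are hypothetical helper names.

```python
import ipaddress
import struct

# The first ACL from the reply, as (action, protocol, source, destination).
# "ip" matches every IPv4 protocol number; "any" matches every address.
NO_IPV6 = [
    ("deny", 41, "any", "any"),
    ("permit", "ip", "any", "any"),
]


def parse_ipv4(header: bytes):
    """Return (protocol, src, dst) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    proto = header[9]  # protocol field: 6=TCP, 17=UDP, 41=IPv6, 50=ESP
    src = ipaddress.IPv4Address(header[12:16])
    dst = ipaddress.IPv4Address(header[16:20])
    return proto, src, dst


def addr_matches(rule_addr, addr):
    return rule_addr == "any" or ipaddress.IPv4Address(rule_addr) == addr


def evaluate(acl, header: bytes) -> str:
    """First matching entry wins; an ACL ends with an implicit deny."""
    proto, src, dst = parse_ipv4(header)
    for action, rule_proto, rule_src, rule_dst in acl:
        if rule_proto in ("ip", proto) and addr_matches(rule_src, src) \
                and addr_matches(rule_dst, dst):
            return action
    return "deny"


def make_header(proto: int, src: str, dst: str) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    # Constructed samples: tunnel traffic (41), TCP (6) and IPsec ESP (50).
    for proto in (41, 6, 50):
        hdr = make_header(proto, "198.51.100.7", "203.0.113.10")
        print("protocol", proto, "->", evaluate(NO_IPV6, hdr))
```
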
