static NAT with route-map

Unanswered Question
Jan 25th, 2009

Hi everyone,

I need to know if the following problem can be solved with an ISR x800 (adv sec image) and, if it can, how.

The problem is: I have a single public IP and a server inside with a private IP.

I need to forward TCP (port 85) traffic coming from some public addresses to the internal server on port 86, and the rest of the Internet coming on the same port (85) to the same internal server, but on another port (88).

I was thinking about something like:


ip access-list extended ACL_1
 permit ip the_public_ip_1 my_public_ip
 permit ip the_public_ip_2 my_public_ip

route-map RMAP_1
 match ip address ACL_1

ip access-list extended ACL_2
 deny ip the_public_ip_1 my_public_ip
 deny ip the_public_ip_2 my_public_ip
 permit ip any any

route-map RMAP_2
 match ip address ACL_2

ip nat inside source static tcp 192.168.0.10 86 2.2.2.2 85 route-map RMAP_1 reversible
ip nat inside source static tcp 192.168.0.10 88 2.2.2.2 85 route-map RMAP_2 reversible


But it does not work.

Any ideas?

The reason for needing this is that I need to migrate from Linux to Cisco, and on the Linux box it can be done.



Thanks

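For reference, the source-dependent forward the post describes, written as Linux netfilter rules. This is an added example, not part of the original thread; it assumes the Linux box uses iptables (the post does not say), and the helper name `gen_dnat_rules` and the two source addresses are constructed placeholders. The function only prints the rules so the ordering can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables DNAT rules for the
# source-dependent port forward described in the question.
# Assumption: the Linux box uses iptables/netfilter.

# gen_dnat_rules PUB_IP PUB_PORT SERVER LISTED_PORT DEFAULT_PORT SRC...
gen_dnat_rules() {
    pub_ip=$1
    pub_port=$2
    server=$3
    listed_port=$4
    default_port=$5
    shift 5
    # Listed sources first: the nat PREROUTING chain is first-match, so
    # these rules must precede the catch-all or they would never be hit.
    for src in "$@"; do
        printf 'iptables -t nat -A PREROUTING -p tcp -s %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$src" "$pub_ip" "$pub_port" "$server" "$listed_port"
    done
    # Every other source reaches the same server on the other port.
    printf 'iptables -t nat -A PREROUTING -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$pub_ip" "$pub_port" "$server" "$default_port"
}

# 2.2.2.2, 192.168.0.10 and ports 85/86/88 come from the post; the source
# addresses are constructed (RFC 5737 documentation ranges).
gen_dnat_rules 2.2.2.2 85 192.168.0.10 86 88 198.51.100.10 203.0.113.20
```

Because the catch-all rule matches any source, it plays the role that ACL_2 (deny the listed hosts, permit everything else) plays in the IOS attempt above; no explicit deny entries are needed when the listed-source rules come first.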
Giuseppe Larosa Sun, 01/25/2009 - 03:10

Hello Costin,

I remember a similar thread from some months ago.


From the command reference of 12.4 the syntax of command ip nat inside source is described as follows:


ip nat inside source static {tcp | udp {local-ip local-port global-ip global-port | interface global-port}} [extendable | mapping-id map-id | no-alias | no-payload | redundancy group-name | route-map | reversible | vrf name] [match-in-vrf]


see


http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696



In that case it was the combination of static NAT on specific TCP ports that didn't work with a route-map.

A static NAT that was not port-based was able to invoke and use a route-map, whereas a port-specific NAT was not.

The command syntax says that some parameters are in OR when you see "|".


So you may be facing a functional limitation of IOS.



Hope to help

Giuseppe

