Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
0
Helpful
1
Replies

static NAT with route-map

costin.vilcu
Level 1
Level 1

‎01-25-2009 12:14 AM - edited ‎03-04-2019 12:57 AM

Hi everyone,

i need to know if the following problem can be solved with an ISR x800 (adv sec image) and if it can, how.

The problem is: i have a single public ip and a server inside with a private ip.

I need to forward tcp (port 85) trafic coming from some public addresses to the internal server on port 86; and the rest of the internet coming on the same port (85) to the same internal server, but on other port (88).

I was thinking about someting like:

access-list extended ACL_1

permit ip the_public_ip_1 my_public_ip

permit ip the_public_ip_2 my_public_ip

route-map RMAP_1

match ip address ACL_1

access-list extended ACL_2

deny ip the_public_ip_1 my_public_ip

deny ip the_public_ip_2 my_public_ip

permit ip any any

route-map RMAP_2

match ip address ACL_2

ip nat inside source static tcp 192.168.0.10 86 2.2.2.2 85 route-map RMAP_1 reversible

ip nat inside source static tcp 192.168.0.10 88 2.2.2.2 85 route-map RMAP_2 reversible

But it does not work.

Any ideeas?

The reason for needing this is because i need to migrate from a linux to cisco and on the linux box it can be done.

Thanks

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-25-2009 03:10 AM

Hello Costin,

I remember a similar thread of some mounths ago.

From the command reference of 12.4 the syntax of command ip nat inside source is described as follows:

ip nat inside source static {tcp | udp {local-ip local-port global-ip global-port | interface global-port}} [extendable | mapping-id map-id | no-alias | no-payload | redundancy group-name | route-map | reversible | vrf name] [match-in-vrf]

see

http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_nat.html#wp1011696

in that case was the combination of static NAT on specific TCP ports that didn't work with a route-map.

A static NAT not port based was able to invoke and use a route-map instead a NAT port specific NAT not.

the command syntax says that some parameters are in or when you see "|"

So you may be facing a functional limitation of IOS.

Hope to help

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card