03-24-2009 07:54 AM - edited 03-04-2019 04:03 AM
How do I make sure that only one public address can use a one-to-one static NAT?
I want to make sure that only 63.xx.xx.0 block can reach my two servers.
Will this work?
ip nat inside source static 172.18.75.12 65.xx.xx.2 route-map trusted
ip nat inside source static 172.18.75.13 65.xx.xx.3 route-map trusted
ip access-list extended secure
permit ip host 172.18.75.12 63.xx.xx.0 0.0.0.255
permit ip host 172.18.75.13 63.xx.xx.0 0.0.0.255
route-map trusted permit 10
match ip address secure
03-24-2009 08:31 AM
Jason
I think you may need to change the ACL to:
permit ip host 65.x.x.2 63.xx.xx.0 0.0.0.255
permit ip host 65.x.x.3 63.xx.xx.0 0.0.0.255
But I would say that NAT is not really used in this way. Far better to just set up the static NAT without a route-map and then tie down access with an ACL on the interface.
Jon
03-24-2009 12:23 PM
I'll give it a shot. If it doesn't work then I will have to put the ACL on the interface.
03-24-2009 04:34 PM
So NAT with route map doesn't do what I want.
Now I have to figure out how to construct the ACL, which interface to put it on and which direction it needs to check traffic.
Any ideas?
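The interface ACL approach suggested in the thread could look like the following. This is an added example, not configuration posted by any participant; the ACL name OUTSIDE-IN and the interface GigabitEthernet0/0 are assumptions, and the xx placeholders are kept exactly as in the thread.

```cisco
! Static one-to-one NAT with no route-map
ip nat inside source static 172.18.75.12 65.xx.xx.2
ip nat inside source static 172.18.75.13 65.xx.xx.3
!
! An inbound ACL on the NAT outside interface is evaluated before the
! outside-to-inside translation, so it matches the public (65.xx.xx.x)
! destination addresses, not the 172.18.75.x inside addresses.
ip access-list extended OUTSIDE-IN
 remark Trusted block may reach the two translated servers
 permit ip 63.xx.xx.0 0.0.0.255 host 65.xx.xx.2
 permit ip 63.xx.xx.0 0.0.0.255 host 65.xx.xx.3
 remark Everyone else is blocked from the two servers
 deny   ip any host 65.xx.xx.2
 deny   ip any host 65.xx.xx.3
 remark Assumption: other inbound traffic keeps its current behaviour
 permit ip any any
!
! Assumption: this is the interface that carries "ip nat outside"
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
```

The ACL is stateless, so replies to connections the two servers open toward addresses outside 63.xx.xx.0 are dropped by the deny lines as well. The per-line hit counters in `show ip access-lists OUTSIDE-IN` show which entries are matching.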