NAT static and connections outside-to-inside

Unanswered Question
Sep 23rd, 2009

Hello,

We have configured static NAT in our internet router. Now the CPU has intervals at 100%. We have seen that this is due to the number of NAT entries. Besides, the entries are created by external hosts that try to connect to the global/public IP address. Is there any way to configure NAT to avoid connections outside-to-inside? I suppose that an ACL using the established flag could help me, but I want to know if there is a NAT option to do it.

Laurent Aubert Wed, 09/23/2009 - 10:40

Hi,

What is your configuration? What does the NAT table look like?

Thanks

Laurent.

tonio.ojea Thu, 09/24/2009 - 02:02

You could use an access list on your WAN interface denying incoming TCP connections with the SYN bit active, like this:

int FaX/X
 desc WAN
 ip access-group 135 in
 ip nat outside
!
! Deny new TCP connection attempts (SYN bit set) towards the public address.
! (publicIp) and (public network) are placeholders for the address and its wildcard mask.
access-list 135 deny tcp any (publicIp) (public network) syn
! An extended ACL needs a protocol keyword: "permit ip any any", not "permit any any".
access-list 135 permit ip any any
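Added illustration, not the poster's configuration: a small model of how the IOS extended-ACL keywords classify inbound TCP segments, comparing the `syn` variant above with the `established` idiom the questioner mentioned. It assumes IOS semantics where `syn` matches any segment with SYN set (ACK ignored) and `established` matches ACK or RST; the addresses are constructed documentation-range values.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"  # assumption: the router's inside-global (public) address
PEER = "198.51.100.5"       # assumption: a remote host on the internet

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    syn: bool = False
    ack: bool = False
    rst: bool = False

def matches_syn(pkt):
    # IOS 'syn' keyword: true whenever the SYN bit is set, regardless of ACK
    return pkt.syn

def matches_established(pkt):
    # IOS 'established' keyword: true when ACK or RST is set
    return pkt.ack or pkt.rst

def acl_syn_variant(pkt):
    """deny tcp any host PUBLIC_IP syn / permit ip any any"""
    if pkt.dst == PUBLIC_IP and matches_syn(pkt):
        return "deny"
    return "permit"

def acl_established_variant(pkt):
    """permit tcp any host PUBLIC_IP established / deny tcp any host PUBLIC_IP / permit ip any any"""
    if pkt.dst == PUBLIC_IP:
        return "permit" if matches_established(pkt) else "deny"
    return "permit"

# constructed inbound segments as seen on the WAN (ip nat outside) interface
SAMPLES = {
    "scan":    Packet(PEER, PUBLIC_IP, syn=True),            # outside-to-inside attempt
    "syn_ack": Packet(PEER, PUBLIC_IP, syn=True, ack=True),  # reply to an inside host's SYN
    "data":    Packet(PEER, PUBLIC_IP, ack=True),            # data on an existing flow
}

def evaluate():
    """Return {name: (syn-variant verdict, established-variant verdict)}."""
    return {n: (acl_syn_variant(p), acl_established_variant(p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (syn_v, est_v) in evaluate().items():
        print(f"{name:8s} syn-variant={syn_v:7s} established-variant={est_v}")
```

Both variants drop the unsolicited SYN that would otherwise create a NAT entry, but only the `established` form lets the SYN-ACK reply to an inside host's outbound connection through.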
