09-23-2009 06:14 AM - edited 03-04-2019 06:08 AM
Hello,
We have configured static NAT on our internet router. Now the CPU has intervals at 100%. We have seen that it is due to the number of NAT entries. Besides, the entries are created by external hosts that try to connect to the global/public IP address. Is there any way to configure NAT to avoid connections outside-to-inside? I suppose that an ACL using the established flag could help me, but I want to know if there is a NAT option to do it.
09-23-2009 10:40 AM
Hi,
What is your configuration? What does the NAT table look like?
Thanks
Laurent.
09-23-2009 11:13 AM
And very important, which router is this and how much traffic you have.
09-24-2009 02:02 AM
You could use an access list on your WAN interface denying incoming TCP connections with the SYN bit active, like this:
! WAN interface: an inbound ACL here is evaluated before outside-to-inside NAT,
! so the destination to match is the public (global) address
int FaX/X
 desc WAN
 ip access-group 135 in
 ip nat outside
!
! drop TCP segments with the SYN bit set that are addressed to the public address
access-list 135 deny tcp any (publicIp) (public network) syn
! let everything else through (an extended ACL needs a protocol keyword, hence "ip")
access-list 135 permit ip any any
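Added example, not part of the thread or of any Cisco code: a small Python model of how the two IOS TCP-flag keywords mentioned in this thread select packets, run over a few constructed inbound segments. It assumes the documented keyword semantics (`syn` matches any segment with the SYN bit set, `established` matches any segment with the ACK or RST bit set); the addresses and the second, `established`-based ACL are constructed here for comparison, not taken from the post.

```python
"""Model of IOS TCP-flag ACL keywords (constructed example, not Cisco code).

Assumptions (not from the thread):
  - the `syn` keyword matches any segment with SYN set, so also a SYN/ACK;
  - the `established` keyword matches any segment with ACK or RST set;
  - addresses are from documentation ranges and chosen here.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-in for the thread's (publicIp) static-NAT global address
PUBLIC_IP = ip_network("203.0.113.10/32")


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    syn: bool = False
    ack: bool = False
    rst: bool = False


def matches_syn(seg: Segment) -> bool:
    """IOS 'syn' keyword: SYN bit set (a SYN/ACK reply qualifies too)."""
    return seg.syn


def matches_established(seg: Segment) -> bool:
    """IOS 'established' keyword: ACK or RST bit set."""
    return seg.ack or seg.rst


def acl_deny_syn(seg: Segment) -> str:
    """The thread's ACL: deny tcp any <public> syn / permit ip any any."""
    if ip_address(seg.dst) in PUBLIC_IP and matches_syn(seg):
        return "deny"
    return "permit"


def acl_established(seg: Segment) -> str:
    """Constructed alternative using the keyword the asker mentioned:
    permit tcp any <public> established / deny tcp any <public> / permit ip any any.
    """
    if ip_address(seg.dst) in PUBLIC_IP:
        return "permit" if matches_established(seg) else "deny"
    return "permit"


# Constructed inbound segments as seen on the WAN interface (before NAT)
SAMPLES = {
    "external host opens a connection (SYN)":
        Segment("198.51.100.7", "203.0.113.10", syn=True),
    "reply to an inside-initiated connection (SYN/ACK)":
        Segment("192.0.2.80", "203.0.113.10", syn=True, ack=True),
    "mid-stream data (ACK)":
        Segment("192.0.2.80", "203.0.113.10", ack=True),
    "SYN to some other address":
        Segment("198.51.100.7", "203.0.113.20", syn=True),
}


def evaluate_all() -> dict:
    """Return {description: (verdict of syn-ACL, verdict of established-ACL)}."""
    return {name: (acl_deny_syn(s), acl_established(s)) for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, (v_syn, v_est) in evaluate_all().items():
        print(f"{name:52s} syn-ACL={v_syn:6s} established-ACL={v_est}")
```

The point the output makes: both ACLs drop the unsolicited SYN from an outside host, which is what the asker wants, but the `syn`-keyword version also drops the SYN/ACK that comes back when a host behind the static mapping opens a connection outbound, because that reply carries the SYN bit as well. The `established`-based variant keeps those replies. Either way the check is stateless, so it only reduces which inbound segments reach translation; it does not make the router track connections.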