Hello Cisco Community,
I need to translate the outside global address for any IP from the Internet, when heading to a particular inside local address, to a pool of local private IP addresses that are routable within my private EIGRP topology. What is the best way to match that traffic: an extended ACL, or a route-map with an extended ACL? I already have a static inside NAT mapping for this host (ip nat inside source static 'inside local' 'inside global') to change the inside global address to an inside local address that can route in my network. Each external client that accesses our Outlook Web Access service will need to be assigned a unique outside local address, since they will all be accessing TCP port 433 from our ISA proxy. On the ISA host, I will route traffic for 10.10.10.0 255.255.255.0 via a static route so that Outlook Web Access traffic heads down our backbone network, while web proxy (web surfing) traffic heads out a cable router via 0.0.0.0 0.0.0.0. Make sense?
Here is the config I was thinking about below. Any suggestions? I assume I need a loopback address so I can attach the NAT pool's network to it and then inject that route into my EIGRP topology.
! This already exists in the router
ip nat inside source static 'inside local' 'inside global'
!
ip nat outside source route-map 'route-map-name' pool 'pool-name'
ip nat pool 'pool-name' 10.10.10.2 10.10.10.254 netmask 255.255.255.0 type rotary
!
! The route-map name comes before the action; a sequence number follows it
route-map 'route-map-name' permit 10
 match ip address 100
!
access-list 100 permit ip any host 'inside-global-ip-addr'
!
! Loopback that carries the NAT pool's network (interface number is an example)
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
router eigrp 1
 network 10.10.10.0 0.0.0.255
Not sure what a route-map gains you in this instance, as it is any address to a specific host, so an extended ACL should do the trick.
Yes, you need to advertise the pool network internally, so using a loopback on your router and then advertising it via EIGRP is a sensible way to go.