06-18-2017 12:15 AM - edited 03-05-2019 08:43 AM
Even if my config looks like this:
ip nat inside source route-map nonat interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.10 3389 50.50.50.50 3389 route-map outside-connect
route-map outside-connect deny 5
match ip address 103
access-list 103 permit ip any any
I still get RDP access to the host.
#show ip access-list
Extended IP access list 103
    10 permit ip any any (812722 matches)
#show route-map
route-map outside-connect, deny, sequence 5
  Match clauses:
    ip address (access-lists): 103
  Policy routing matches: 0 packets, 0 bytes
I would like to lock down access to only a few hosts, any help?
06-18-2017 11:50 AM
Hello,
as far as I recall, for conditional NAT you need to permit the route map. If you want to just allow access for a few hosts, the configuration would look like this:
ip nat inside source static tcp 192.168.1.10 3389 50.50.50.50 3389 route-map outside-connect
route-map outside-connect permit 10
match ip address 103
access-list 103 permit ip host x.x.x.x any
access-list 103 permit ip host y.y.y.y any
06-21-2017 08:20 AM
The route map doesn't manipulate traffic either way.
06-21-2017 10:59 AM
Hello,
can you post the full configuration of your router...