Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
892
Views
4
Helpful
3
Replies

searching for nat translations

brianjp2472
Level 1
Level 1

‎06-05-2007 06:00 AM

is there a way to search or filter for a specific nat translation instead of having to look through the whole list?

Labels:
0 Helpful
3 Replies 3

mohammedmahmoud
Level 11
Level 11

‎06-05-2007 06:16 AM

Hi,

Kindly use:

router#show ip nat translations | include

Where x is the part of the line (ex: IP address) you want to filter with.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

0 Helpful

brianjp2472
Level 1
Level 1
In response to mohammedmahmoud

‎06-05-2007 06:29 AM

Thanks so much. Another question:

I have found the ip address and I see a connection established to an external server, the problem in I have denied the ip address in the acl from any outside connections.

here is my acl:

access-list 101 deny ip host 10.10.10.109 any

but the nat translation shows an ipsec vpn nat-T connection on port 4500.

how do I block this?

0 Helpful

mohammedmahmoud
Level 11
Level 11
In response to brianjp2472

‎06-05-2007 06:41 AM

Hi,

You are always welcomed :)

This issue is due to the NAT order of operation as the output access list is checked after the NAT is done, to solve this issue, put in input access list on the LAN interface to deny the traffic when it is entered before being NATed.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Customers Also Viewed These Support Documents