Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

831 config - port forwarding all but IPv6 (protocol 41)

Hi,

I have an 831 on an Internet connection with a single static IP and running NAT. I'm trying to configure it to terminate an IPv6 tunnel and then port forward all other incoming traffic to a specific internal host. I've tried:

ip nat inside source static 192.168.0.2 <external ip>

..and this forwards everything internally to 192.168.0.2 but the problem is that it also forwards the protocol 41 packets right through so the tunnel defined on the 831 doesn't even see them. I need to forward a ton of TCP ports as well as IPSec traffic so I'm trying to avoid a bunch of individual statements like this:

ip nat inside source static tcp 192.168.0.1 80 <external ip> 80

Does anyone know if this is possible? Can I somehow tell it to ignore the static NAT rule if the traffic is protocol 41? Or if the source address is the IPv6 tunnel endpoint?

Thanks,

Owen

1 REPLY
New Member

Re: 831 config - port forwarding all but IPv6 (protocol 41)

Use an extended access-list to deny protocol 41, then either reference that list in your NAT statement or in a route-map.

ip access-list extended no-ipv6

deny 41 any any

permit ip any any

--or--

ip access-list extended no-ipv6-host

deny 41 host 192.168.0.1 host

permit ip host 192.168.0.1 host

Or just deny the tunnel endpoint by host address for all protocols.

648
Views
0
Helpful
1
Replies
CreatePlease login to create content