Re: NAT and any statement

benoit.lecompt · ‎09-24-2007

Hello everybody,

I have many networks that I need to NAT.

I don't know exactly what are these networks so, I tried to nat with an 'any' statment in my ACL.

But, it doesn't works (http://www.cisco.com/warp/public/556/nat-faq.html#qa39)

So I am looking to do this by using a route-map with a 'match interface' condition.

Has anybody tried this before ?

interface GigabitEthernet 0/0

ip nat inside

interface GigabitEthernet 0/1

ip nat outside

route-map NATme permit 10

match interface GigabitEthernet 0/0

ip nat pool NAT-pool 10.10.10.0 10.10.10.7 prefix-length 29 type rotary

ip nat inside source route-map NATme pool NAT-pool

Thanks !

ohassairi · ‎09-24-2007

if you don't know the origin of the paquet, just use an opened acl :acess-list 1 permit any any.

but: be sure g0/0 and 0/1 are L3 and you have a static route that route the trafic through g0/1

paolo bevilacqua · ‎09-24-2007

Hi, as mentioned by the poster and documented per link above, access-list any is not to be used with nat and in fact I found that for source, it causes problems.

paolo bevilacqua · ‎09-24-2007

Try using list with a permit for ip 0.0.0.0 255.255.255.255.

benoit.lecompt · ‎09-25-2007

Yes, but it will become an any any statment:

ip access-list standard 10

permit 0.0.0.0 255.255.255.255

s ip access-lists 10

Standard IP access list 10

permit any

:(

paolo bevilacqua · ‎09-25-2007

Well, have you tried? Let us know.

benoit.lecompt · ‎10-12-2007

Hello,

Yes, I tried this statement and it works but I hope I will not have 'unexpected behavior' has said in http://www.cisco.com/warp/public/556/nat-faq.html#qa39

Thanks

paolo bevilacqua · ‎10-13-2007

Now try to telnet to the router from outside to the outside interface. If it works, you are ok.

Inability to do so, is the 'unexpected behavior' mentioned.

benoit.lecompt · ‎10-13-2007

OK, I will try this asap !

Thank you !