NAT static and connections outside-to-inside

Hello,

We have configured static NAT on our internet router. Now the CPU has intervals at 100%. We have seen that this is due to the number of NAT entries. Besides, the entries are created by external hosts that try to connect to the global/public IP address. Is there any way to configure NAT to avoid outside-to-inside connections? I suppose that an ACL using the established flag could help me, but I want to know if there is a NAT option to do it.

3 REPLIES
Cisco Employee

Re: NAT static and connections outside-to-inside

Hi,

What is your configuration? What does the NAT table look like?

Thanks

Laurent.

Hall of Fame Super Gold

Re: NAT static and connections outside-to-inside

And very important: which router is this, and how much traffic do you have?

New Member

Re: NAT static and connections outside-to-inside

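You could use an access list on your WAN interface denying incoming TCP connections with the SYN bit active, like this:

interface FaX/X
 description WAN
 ip access-group 135 in
 ip nat outside
!
! The inbound ACL is checked before NAT, so the destination is the public address.
! Let replies to inside-initiated sessions (ACK or RST set) through first,
! because the syn keyword below also matches SYN/ACK segments.
access-list 135 permit tcp any (publicIp) (public network) established
! Drop new TCP connections opened from outside.
access-list 135 deny tcp any (publicIp) (public network) syn
! An extended ACL entry needs a protocol keyword.
access-list 135 permit ip any any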
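The following is an added example, not part of the reply above and not Cisco code: a simplified Python model of first-match evaluation for an ACL of this kind, showing which inbound packets a `syn` deny drops with and without an `established` permit ahead of it. The addresses, rule tuples and packet samples are constructed for illustration; the flag matching follows the behaviour of the legacy `syn` and `established` keywords.

```python
# Simplified model of first-match evaluation for an IOS extended ACL that
# filters on TCP flags. All addresses are constructed (RFC 5737 range).
from ipaddress import ip_address, ip_network

SYN, RST, ACK = 0x02, 0x04, 0x10
ANY = ip_network("0.0.0.0/0")
PUBLIC_NET = ip_network("203.0.113.0/29")  # constructed stand-in for the NAT global range

def flag_match(keyword, flags):
    """'syn' matches any segment with SYN set (SYN/ACK included);
    'established' matches any segment with ACK or RST set."""
    if keyword is None:
        return True
    if keyword == "syn":
        return bool(flags & SYN)
    if keyword == "established":
        return bool(flags & (ACK | RST))
    raise ValueError(keyword)

def evaluate(acl, proto, dst, flags=0):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, rule_proto, dst_net, keyword in acl:
        if rule_proto not in ("ip", proto):
            continue
        if ip_address(dst) not in dst_net:
            continue
        if rule_proto == "tcp" and not flag_match(keyword, flags):
            continue
        return action
    return "deny"

# deny tcp ... syn, then permit ip any any
SYN_ONLY = [("deny", "tcp", PUBLIC_NET, "syn"), ("permit", "ip", ANY, None)]
# the same entries with a permit ... established entry evaluated first
WITH_ESTABLISHED = [("permit", "tcp", PUBLIC_NET, "established")] + SYN_ONLY

# Constructed inbound packets arriving on the outside interface
PACKETS = {
    "new connection from outside (SYN)": ("tcp", "203.0.113.2", SYN),
    "reply to inside-initiated SYN (SYN/ACK)": ("tcp", "203.0.113.2", SYN | ACK),
    "data on existing session (ACK)": ("tcp", "203.0.113.2", ACK),
    "UDP to public address": ("udp", "203.0.113.2", 0),
}

def verdicts(acl):
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("syn only", SYN_ONLY), ("with established", WITH_ESTABLISHED)):
        print(label, verdicts(acl))
```

In both rule sets the UDP packet is still permitted, so this filter only addresses TCP connection attempts from outside.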
