Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
3
Replies

NAT static and connections outside-to-inside

antonio.guirado
Level 3
Level 3

‎09-23-2009 06:14 AM - edited ‎03-04-2019 06:08 AM

Hello,

we have configured static NAT in our internet router. Now the CPU has intervals with 100%. We have seen that is due to NAT entries number. Besides the entries are created by external host that try to connect to Global/public ip address. Is there any way that configure NAT to avoid connections outside-to-inside?. I suppose

that an ACL use established FLAG could help me but I want to know if there is a NAT option to do it.

Labels:
0 Helpful
3 Replies 3

Laurent Aubert
Cisco Employee
Cisco Employee

‎09-23-2009 10:40 AM

Hi,

What is your configuration ? what does the nat table look like ?

Thanks

Laurent.

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to Laurent Aubert

‎09-23-2009 11:13 AM

And very important, which router is this and how much traffic you have.

0 Helpful

tonio.ojea
Level 1
Level 1

‎09-24-2009 02:02 AM

You could use an access list in your wan interface denying incoming tcp connections with the syn bit active, like this

int FaX/X

desc WAN

ip access-group 135 in

ip nat outside

access-list 135 deny tcp any (publicIp) (public network) syn

access-list 135 permit any any

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card