I need to apply source AND destination routing on my 29XX router.
In genereal the scenario is as follows:
- a TCP SYN comes from Internet to a public address in the pool I owe.
- I need to route this packet (and the rest of communication) to one of my internal servers based on: srcIP and port, dstIP and port.
- public dstIP of TCP SYN can be used by many external hosts
- srcIP is static (I know it before it sends any packet and it won't change)
An ideal solution would be routing based on extended ACL but as far as I know I can only route based on:
A) destination IP (classic routing)
B) source IP (policy routing)
Makeing long story short: I need A + B.
TCP SYN s=188.8.131.52.64543 d=184.108.40.206.80 ==> s=220.127.116.11.64543 d=172.16.250.1.23
TCP SYN s=18.104.22.168.44543 d=22.214.171.124.69 ==> s=126.96.36.199.44543 d=172.16.250.100.53
TCP SYN s=188.8.131.52.34943 d=184.108.40.206.80 ==> s=220.127.116.11.34943 d=172.16.250.200.22
where values in brown are known before connection.
Note: I tried PAT but I was not able to use '18.104.22.168' for multiple rules. I cannot invert inside and outside NAT interfaces (so Internet would be my inside) because I need to use a 'normal' NAT for other services (located on the same subnet).
Note: In example I used well-known ports but I mean to use a solution for different service.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...