Cisco 886 strange route-map problem

 

Hi,

 

I have a Cisco 886VA with c880data-universalk9-mz.154-3.M9.bin and an activated advipservices license.

I have a multipoint VPN using GRE.

My problem is that although ISAKMP is ON

 

c886#sh control-plane host open-ports | i ISAKMP
 udp                      *:4500                         *:0                   ISAKMP   LISTEN
 udp                       *:500                         *:0                   ISAKMP   LISTEN

if I nmap the ports from outside I get

 

 

PORT     STATE  SERVICE
500/udp  closed isakmp
4500/udp closed sae-urn

 

 

Below is the problem I'm facing.

 

ip nat inside source route-map NAT interface Dialer46 overload
ip nat inside source static tcp <asterisk-server> 22 <router's static IP> 22 extendable
...
ip nat inside source static <asterisk-server> <router's static IP> route-map SIP

route-map SIP permit 10
 match ip address ASTERISK
!
route-map NAT permit 10
 match ip address PAT XVPN
 match interface Dialer46

ip access-list extended ASTERISK
 permit udp host <asterisk-server> any range 15000 18000
 permit udp host <asterisk-server> any range 40000 50087

I narrowed down the problem to this line:

ip nat inside source static <asterisk-server> <router's static IP> route-map SIP

When I apply it I lose the VPN, and I can verify that instead of forwarding only the UDP range in the ASTERISK access-list it forwards all ports, including 500 and 4500.

I ran a netcat listener on UDP port 500 on the Asterisk server, and nmap responded.

 

Am I doing something wrong, or is this a bug?

 

Regards

 
