09-23-2009 06:14 AM - edited 03-04-2019 06:08 AM
Hello,
We have configured static NAT on our internet router. Now the CPU has intervals at 100%. We have seen that it is due to the number of NAT entries. Besides, the entries are created by external hosts that try to connect to the global/public IP address. Is there any way to configure NAT to avoid connections outside-to-inside? I suppose that an ACL using the established flag could help me, but I want to know if there is a NAT option to do it.
09-23-2009 10:40 AM
Hi,
What is your configuration? What does the NAT table look like?
Thanks
Laurent.
09-23-2009 11:13 AM
And very important, which router is this and how much traffic do you have?
09-24-2009 02:02 AM
You could use an access list on your WAN interface denying incoming TCP connections with the SYN bit active, like this:

interface FaX/X
 description WAN
 ip access-group 135 in
 ip nat outside
!
! Deny inbound TCP packets with the SYN bit set that are addressed to the public block.
! (publicIp) (public network) stand for the address and wildcard mask of that block.
! Note: the IOS 'syn' keyword matches any packet with SYN set, including the SYN/ACK
! replies to connections opened from the inside.
access-list 135 deny tcp any (publicIp) (public network) syn
! An extended ACL entry needs a protocol keyword; 'permit any any' alone is rejected.
access-list 135 permit ip any any
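To make the difference between the two ACL ideas in this thread concrete (denying inbound SYNs, as in the reply above, versus permitting only 'established' return traffic, as the original poster suggested), here is an added Python model of IOS first-match ACL evaluation. It is not code from the thread or from Cisco; the addresses are constructed from documentation ranges (203.0.113.0/24 stands in for the public block, 198.51.100.0/24 for external hosts), and the `syn` and `established` semantics are modelled as IOS documents them: `syn` matches any packet with the SYN bit set, `established` matches packets with ACK or RST set.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str                        # "tcp", "udp", ...
    src: str                          # source IPv4 address
    dst: str                          # destination IPv4 address
    flags: frozenset = frozenset()    # TCP flag names, e.g. {"syn"} or {"syn", "ack"}


@dataclass
class Ace:
    """One access-list entry, in the spirit of an IOS extended ACL line."""
    action: str                       # "permit" or "deny"
    proto: str                        # "ip" matches every protocol
    src: str                          # CIDR network or "any"
    dst: str                          # CIDR network or "any"
    syn: bool = False                 # IOS 'syn': SYN bit set (ACK may also be set)
    established: bool = False         # IOS 'established': ACK or RST bit set

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not _in_net(self.src, pkt.src) or not _in_net(self.dst, pkt.dst):
            return False
        if self.syn and "syn" not in pkt.flags:
            return False
        if self.established and not (pkt.flags & {"ack", "rst"}):
            return False
        return True


def _in_net(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def evaluate(acl, pkt: Packet) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


PUBLIC_NET = "203.0.113.0/24"   # constructed stand-in for the router's public block

# Variant 1 (the reply above): deny inbound TCP packets carrying the SYN bit.
ACL_SYN = [
    Ace("deny", "tcp", "any", PUBLIC_NET, syn=True),
    Ace("permit", "ip", "any", "any"),
]

# Variant 2 (the original poster's idea): permit only TCP that belongs to a
# session opened from the inside, deny the rest of inbound TCP, allow other IP.
ACL_ESTABLISHED = [
    Ace("permit", "tcp", "any", PUBLIC_NET, established=True),
    Ace("deny", "tcp", "any", PUBLIC_NET),
    Ace("permit", "ip", "any", "any"),
]

# Constructed inbound packets arriving on the outside interface.
INBOUND = {
    "scan_syn":      Packet("tcp", "198.51.100.7", "203.0.113.10", frozenset({"syn"})),
    "reply_syn_ack": Packet("tcp", "198.51.100.9", "203.0.113.10", frozenset({"syn", "ack"})),
    "reply_ack":     Packet("tcp", "198.51.100.9", "203.0.113.10", frozenset({"ack"})),
    "dns_udp":       Packet("udp", "198.51.100.53", "203.0.113.10"),
}


def results(acl) -> dict:
    """Map each sample packet name to the action the ACL takes on it."""
    return {name: evaluate(acl, pkt) for name, pkt in INBOUND.items()}


if __name__ == "__main__":
    for label, acl in (("syn", ACL_SYN), ("established", ACL_ESTABLISHED)):
        print(label, results(acl))
```

Running it shows the trade-off: both variants drop the unsolicited external SYN before it can create a translation, but the `syn` variant also drops the SYN/ACK that answers a connection opened from the inside, while the `established` variant lets that reply through. Either way, because IOS checks the inbound access list before outside-to-inside translation, a denied packet never adds a NAT entry.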