04-30-2010 06:56 AM - edited 03-04-2019 08:19 AM
Hello Cisco Community,
I need to translate the outside global address for any IP from the Internet when heading to a particular inside local address to a pool of local private IP addresses that are routable within my private EIGRP topology. What is the best way to match that traffic, extended ACL or route-map w/ extended ACL? I already have a static inside NAT mapping for this host (ip nat inside source static 'inside local' 'inside global') to change the inside global address to an inside local address that can route in my network. Each external client that accesses our Outlook Web Access service will need to be assigned a unique outside local address since they will all be accessing TCP port 433 from our ISA proxy. On the ISA host, I will route traffic for 10.10.10.0 255.255.255.0 via a static route so that Outlook Web Access traffic heads down our backbone network, while web proxy (web surfing) traffic heads out a cable router via 0.0.0.0 0.0.0.0. Make sense?
Here is the config I was thinking about below. Any suggestions? I assume I need a loopback address so I can attach the NAT pool's network to it and then inject that route into my EIGRP topology.
!
! This already exists in the router
ip nat inside source static 'inside local' 'inside global'
!
ip nat outside source route-map 'route-map-name' pool 'pool-name'
ip nat pool 'pool-name' 10.10.10.2 10.10.10.254 netmask 255.255.255.0 type rotary
!
! Route-map syntax is: route-map <name> permit <sequence>
route-map 'route-map-name' permit 10
 match ip address 100
!
access-list 100 permit ip any host 'inside-global-ip-addr'
!
! Interface addresses take the mask directly, without a netmask keyword
interface loopback1
 ip address 10.10.10.1 255.255.255.0
!
router eigrp 1
 network 10.10.10.0 0.0.0.255
!
04-30-2010 07:03 AM
Not sure what a route-map gains you in this instance as it is any address to a specific host, so an extended ACL should do the trick.
Yes, you need to advertise the pool network internally, so using a loopback on your router and then advertising via EIGRP is a sensible way to go.
Jon
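The extended-ACL variant suggested in the reply above, written out as an added example (not a configuration posted by anyone in the thread). Quoted names are the thread's own placeholders, the two physical interface names are hypothetical, and the pool is defined without `type rotary`, which is the pool type used with `ip nat inside destination`.

```cisco
! Added example: match with an extended ACL instead of a route-map.
!
! Existing static mapping for the published host (from the original post).
ip nat inside source static 'inside local' 'inside global'
!
! Pool of outside local addresses handed to Internet clients.
ip nat pool 'pool-name' 10.10.10.2 10.10.10.254 netmask 255.255.255.0
!
! Any Internet source heading to the published (inside global) address.
access-list 100 permit ip any host 'inside-global-ip-addr'
!
! Translate the source of matching packets arriving on the outside interface.
ip nat outside source list 100 pool 'pool-name'
!
! NAT only acts on interfaces marked inside/outside.
! Interface names below are hypothetical.
interface GigabitEthernet0/0
 description Internet-facing (hypothetical name)
 ip nat outside
!
interface GigabitEthernet0/1
 description Backbone-facing (hypothetical name)
 ip nat inside
!
! Loopback anchors the pool network so EIGRP can advertise it internally,
! giving the ISA host's return traffic a path back to this router.
interface Loopback1
 ip address 10.10.10.1 255.255.255.0
!
router eigrp 1
 network 10.10.10.0 0.0.0.255
!
! Checks to run from exec mode after a test connection:
!   show ip nat translations   (expect an outside local entry from 10.10.10.x)
!   show ip nat statistics     (pool usage and hit counters)
!   show ip route 10.10.10.0   (on an internal router: learned via EIGRP)
```

The pool holds 253 addresses, so `show ip nat statistics` is also where pool exhaustion would show up if more clients than that are connected at once.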
04-30-2010 07:05 AM
Yeah I'm not sure what the route-map gives me either.
Thanks for your input. I will use an extended ACL.