09-03-2018 12:54 AM
May I know what it means by configuration below?
1)172.16.20.18 nat to 8.24.1.86 and vice versa?
2) reversible means both way?
3) route-map nat1 function is to match ip address 40 only? What else does it do? What is the route-map nat for?
ip nat inside source static 172.16.20.18 8.24.1.86 route-map nat1 reversible
route-map nat1 permit 10
match ip address 40
access-list 40 permit ip any host 186.41.211.12
access-list 40 permit ip any 208.1.2.32 0.0.0.7
09-03-2018 02:35 AM
Hello
@getaway51 wrote:
May I know what it means by configuration below?
1)172.16.20.18 nat to 8.24.1.86 and vice versa? - This is a static nat entry from an inside lan address 172.16.20.18 to an outside public address 8.24.1.86.
2) reversible means both way? - The reversible keyword means once a connection from the inside host 172.16.20.18 is made it will be mapped (translated) to the outside ip address 8.24.1.86.
At that time an entry will be made and mapped in the router's NAT table, so when any additional communication from 8.24.1.86 is initiated it will be translated into 172.16.20.18 and forwarded to that host, and unlike other nat table entries this reversible nat entry won't expire.
3) route-map nat1 function is to match ip address 40 only? What else does it do? What is the route-map nat for? - The route map is specifying an access-list allowing what host or network range will be allowed to be translated from your public ip nat address 8.24.1.86 so it can reach inside host 172.16.20.18 with your reversible keyword:
so in your case host 186.41.211.12 <> 8.24.1.86 <> 172.16.20.18
network 208.1.2.32/29 <> 8.24.1.86 <> 172.16.20.18
09-03-2018 05:58 AM
09-03-2018 08:24 AM
@getaway51 wrote:
basically the whole objective is to allow only 186.41.211.12 & 208.1.2.32/29 to access 8.24.1.86. then nat it to 172.16.20.18?
It is indeed - with a nat table mapping created first from the initialisation of your internal host
09-04-2018 12:02 AM
09-04-2018 12:53 AM - edited 09-04-2018 12:53 AM
Hello
That access-list 40 is a standard acl and, looking at those ace statements, they are not correct. In fact the router shouldn't even take that command.
access-list 40 permit ip any host 186.41.211.12
access-list 40 permit ip any 208.1.2.32 0.0.0.7
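Added example, not posted by anyone in the thread: a small Python evaluator that applies Cisco wildcard-mask matching to the two entries above, to show which remote addresses they select for traffic from 172.16.20.18 (the second entry covers the range written as 208.1.2.32/29 earlier in the thread). It assumes the entries are read in extended-ACL form (protocol, source, destination); the function names are hypothetical, and it models only the ACL match, not the router's NAT table.

```python
import ipaddress

# The two entries from the thread, read as extended-ACL style
# "permit <proto> <source> <destination>" (an assumption of this example).
ACL_LINES = [
    "access-list 40 permit ip any host 186.41.211.12",
    "access-list 40 permit ip any 208.1.2.32 0.0.0.7",
]
INSIDE_HOST = "172.16.20.18"  # inside local address from the static NAT line

def _take_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    base = int(ipaddress.IPv4Address(word))
    return base, int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N <action> <proto> <src> <dst>' into a tuple."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError(f"not an ACL entry: {line!r}")
    action, rest = tokens[2], tokens[4:]
    src = _take_addr(rest)
    dst = _take_addr(rest)
    if rest:
        raise ValueError(f"unparsed tokens {rest} in {line!r}")
    return action, src, dst

def _matches(addr, spec):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def acl_permits(aces, src, dst):
    """First matching entry decides; no match is the implicit deny."""
    for action, s, d in aces:
        if _matches(src, s) and _matches(dst, d):
            return action == "permit"
    return False

ACES = [parse_ace(line) for line in ACL_LINES]

def remote_selected(remote):
    """True if a flow between INSIDE_HOST and remote matches the ACL."""
    return acl_permits(ACES, INSIDE_HOST, remote)

if __name__ == "__main__":
    for ip in ("186.41.211.12", "208.1.2.39", "208.1.2.40", "186.41.211.13"):
        print(ip, "match" if remote_selected(ip) else "implicit deny")
```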