Re: route-map reversible

getaway51 · ‎09-03-2018

May I know what it means by configuration below?

1)172.16.20.18 nat to 8.24.1.86 and vice versa?

2) reversible means both way?

3)route-map nat1 function is to match ip address 40 only? Wht else it does? Why it the route-map nat for?

ip nat inside source static 172.16.20.18 8.24.1.86 route-map nat1 reversible

route-map nat1 permit 10
match ip address 40

access-list 40 permit ip any host 186.41.211.12
access-list 40 permit ip any 208.1.2.32 0.0.0.7

paul driver · ‎09-03-2018

Hello

@getaway51 wrote:

May I know what it means by configuration below?

1)172.16.20.18 nat to 8.24.1.86 and vice versa? - This is a static nat entry from a inside lan address 172.16.20.18 to an outside public address 8.24.1.86.

2) reversible means both way? - The reversible keyword means once a connection from the inside host 172.16.20.18 is made it will be mapped(translated) to the the outside ip address 8.24.1.86.

As that time an entry will be made and mapped in the routers NAT table so any additional communication from 8.24.1.86 is initiated it will be translated into 172.16.20.18 and forward to that host and unlike other nat table entry's this reversible nat entry wont expire.

3)route-map nat1 function is to match ip address 40 only? Wht else it does? Why it the route-map nat for? - the route map is specifying an access-list allowing what host or network range will be allowed to be translated from your public ip nat address 8.24.1.86 so it can reach inside host 172.16.20.18 with you reversible keyword:

so in your case

host 186.41.211.12 <> 8.24.1.86 <>172.16.20.18
network 208.1.2.32/29 <> 8.24.1.86 <>172.16.20.18

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

getaway51 · ‎09-03-2018

access-list 40 permit ip any host 186.41.211.12
access-list 40 permit ip any 208.1.2.32 0.0.0.7
Here isn't access-list 40 means permit any IP address/host to 186.41.211.12 & 208.1.2.32/29?
access-list 40 permit ip <source> <destination>? is this correct?
shldnt it be>>>>> access-list 40 permit 186.41.211.12 and access-list 40 permit 208.1.2.32 0.0.0.7?
OR
basically the whole objective is to allow only 186.41.211.12 & 208.1.2.32/29 to access 8.24.1.86. then nat it to 172.16.20.18?

paul driver · ‎09-03-2018

@getaway51 wrote:
basically the whole objective is to allow only 186.41.211.12 & 208.1.2.32/29 to access 8.24.1.86. then nat it to 172.16.20.18?

It is indeed - with a nat table mapping created first from the initIalisation of your internal host

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

getaway51 · ‎09-04-2018

access-list 40 permit ip any host 186.41.211.12
access-list 40 permit ip any 208.1.2.32 0.0.0.7
Here isn't access-list 40 means permit any IP address/host to 186.41.211.12 & 208.1.2.32/29?
access-list 40 permit ip <source> <destination>? is this correct?
shldnt it be>>>>> access-list 40 permit 186.41.211.12 and access-list 40 permit 208.1.2.32 0.0.0.7?

paul driver · ‎09-04-2018

Hello

That access-list 40 is a standard acl and looking at those ace statements they are not correct, In fact the router shouldn't even take that command.

access-list 40 permit ~~ip any~~ host 186.41.211.12
access-list 40 permit ~~ip any~~ 208.1.2.32 0.0.0.7

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul