06-26-2013 05:19 AM - edited 03-07-2019 02:05 PM
I would like to forward a range of ports. To test I have set up a Static NAT with a route-map on various devices. However, every time I set it up all ports are forwarded; the route-map never gets consulted. Any advice on how to achieve this would be greatly appreciated.
Please see my lab configuration below:
R2#sh run
Building configuration...
Current configuration : 1112 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool p1
network 10.0.0.0 255.255.255.0
default-router 10.0.0.254
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
username admin privilege 15 password 0 password
!
bridge irb
!
!
interface Loopback1
no ip address
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 1.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
!
!
ip http server
no ip http secure-server
ip nat inside source static 10.0.0.1 1.1.1.1 route-map SNAT extendable
!
ip access-list extended PORTR
permit tcp any any range 6000 7000
permit udp any any range 9000 10000
!
route-map SNAT permit 10
match ip address PORTR
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
!
scheduler allocate 20000 1000
end
R2#sh route-map
route-map SNAT, permit, sequence 10
Match clauses:
ip address (access-lists): PORTR
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R2#sh ip access-list
Extended IP access list PORTR
10 permit tcp any any range 6000 7000
20 permit udp any any range 9000 10000
R2#
08-02-2013 06:40 AM
Since posting I have found a workaround. I have given the outside interface a secondary IP address and forwarded all traffic from there. In the real example I have an ACL on the outside interface to block the other ports.
This is the final config:
R2#sh run
Building configuration...
Current configuration : 1112 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool p1
network 10.0.0.0 255.255.255.0
default-router 10.0.0.254
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
username admin privilege 15 password 0 password
!
bridge irb
!
!
interface Loopback1
no ip address
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 1.1.1.1 255.255.255.0
ip address 1.1.1.2 255.255.255.0 secondary
ip nat outside
duplex auto
speed auto
!
!
!
ip http server
no ip http secure-server
ip nat inside source static 10.0.0.1 1.1.1.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
!
scheduler allocate 20000 1000
end
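The workaround above relies on an outside-interface ACL that the post does not show. The following is an added example, not part of the original post or the poster's real configuration: one way such an ACL could look for this lab, reusing the port ranges from the PORTR list. The ACL name OUTSIDE-IN and the final catch-all entry are assumptions.

```cisco
! Added example; the ACL name OUTSIDE-IN is hypothetical.
! An inbound ACL on the NAT outside interface is evaluated before the
! outside-to-inside translation, so entries must match the global
! address 1.1.1.2 rather than the inside host 10.0.0.1.
ip access-list extended OUTSIDE-IN
 remark Forwarded ranges, taken from the PORTR list in the first post
 permit tcp any host 1.1.1.2 range 6000 7000
 permit udp any host 1.1.1.2 range 9000 10000
 remark Replies to TCP sessions opened by 10.0.0.1 (stateless ACK/RST match)
 permit tcp any host 1.1.1.2 established
 remark Everything else aimed at the translated address is dropped and logged
 deny   ip any host 1.1.1.2 log
 remark Assumption: traffic to other addresses is left as before; tighten to local policy
 permit ip any any
!
interface FastEthernet0/1
 ip access-group OUTSIDE-IN in
```

Because the ACL is stateless, UDP replies to sessions that 10.0.0.1 opens outbound (for example DNS answers) arrive on ports outside 9000-10000 and hit the deny entry. `show ip access-lists OUTSIDE-IN` shows per-entry match counters for confirming that only the intended ranges are being permitted.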