06-26-2013 05:19 AM - edited 03-07-2019 02:05 PM
I would like to forward a range of ports. To test, I have set up a Static NAT with a route-map on various devices. However, every time I set it up all ports are forwarded; the route-map never gets consulted. Any advice on how to achieve this would be greatly appreciated.
Please see my lab configuration below:
R2#sh run
Building configuration...
Current configuration : 1112 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool p1
network 10.0.0.0 255.255.255.0
default-router 10.0.0.254
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
username admin privilege 15 password 0 password
!
bridge irb
!
!
interface Loopback1
no ip address
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 1.1.1.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
!
!
ip http server
no ip http secure-server
ip nat inside source static 10.0.0.1 1.1.1.1 route-map SNAT extendable
!
ip access-list extended PORTR
permit tcp any any range 6000 7000
permit udp any any range 9000 10000
!
route-map SNAT permit 10
match ip address PORTR
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
!
scheduler allocate 20000 1000
end
R2#sh route-map
route-map SNAT, permit, sequence 10
Match clauses:
ip address (access-lists): PORTR
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R2#sh ip access-list
Extended IP access list PORTR
10 permit tcp any any range 6000 7000
20 permit udp any any range 9000 10000
R2#
08-02-2013 06:40 AM
Since posting, I have found a workaround. I have given the outside interface a secondary IP address and forwarded all traffic from there. In the real example I have an ACL on the outside interface to block the other ports.
This is the final config:
R2#sh run
Building configuration...
Current configuration : 1112 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool p1
network 10.0.0.0 255.255.255.0
default-router 10.0.0.254
dns-server 8.8.8.8
!
!
no ip domain lookup
!
!
username admin privilege 15 password 0 password
!
bridge irb
!
!
interface Loopback1
no ip address
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 1.1.1.1 255.255.255.0
ip address 1.1.1.2 255.255.255.0 secondary
ip nat outside
duplex auto
speed auto
!
!
!
ip http server
no ip http secure-server
ip nat inside source static 10.0.0.1 1.1.1.2
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
!
scheduler allocate 20000 1000
end