NAT Routemaps Outside-to-Inside Support

Similar documents
Fine-Grain NBAR for Selective Applications

Fine-Grain NBAR for Selective Applications

Match-in-VRF Support for NAT

FPG Endpoint Agnostic Port Allocation

Restrictions for Disabling Flow Cache Entries in NAT and NAT64

Nested Class Map Support for Zone-Based Policy Firewall

Bulk Logging and Port Block Allocation

Quality of Service for VPNs

Flexible NetFlow - MPLS Support

DMVPN Event Tracing. Finding Feature Information

Stateful Network Address Translation 64

SSL Custom Application

Sun RPC ALG Support for Firewalls and NAT

Sun RPC ALG Support for Firewalls and NAT

Using Flexible NetFlow Flow Sampling

Using Flexible NetFlow Flow Sampling

Add Path Support in EIGRP

IP over IPv6 Tunnels. Information About IP over IPv6 Tunnels. GRE IPv4 Tunnel Support for IPv6 Traffic

DHCP Client. Finding Feature Information. Restrictions for the DHCP Client

IS-IS Inbound Filtering

Configuring Firewall TCP SYN Cookie

Configuring Hosted NAT Traversal for Session Border Controller

EIGRP Route Tag Enhancements

IGMP Proxy. Finding Feature Information. Prerequisites for IGMP Proxy

Enabling ALGs and AICs in Zone-Based Policy Firewalls

NBAR2 HTTP-Based Visibility Dashboard

Enabling ALGs and AICs in Zone-Based Policy Firewalls

Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon

NAT Box-to-Box High-Availability Support

SSH Algorithms for Common Criteria Certification

Static NAT Mapping with HSRP

OSPF Incremental SPF

QoS Group Match and Set for Classification and Marking

Carrier Grade Network Address Translation

Memory Threshold Notifications

Configurable Number of Simultaneous Packets per Flow

Configuring IP SLAs TCP Connect Operations

BGP Support for IP Prefix Export from a VRF Table into the Global Table

BGP Route-Map Continue

ACL Syslog Correlation

BGP Next Hop Unchanged

Manipulating SIP Status-Line Header of SIP Responses

IPv6 Routing: Route Redistribution

EIGRP Support for Route Map Filtering

Server Groups in Outbound Dial Peers

Port-Level Shaping and Minimum Bandwidth Guarantee

BGP Enhanced Route Refresh

Sun RPC ALG Support for Firewall and NAT

Configuring IP Summary Address for RIPv2

DHCP Relay Server ID Override and Link Selection Option 82 Suboptions

IS-IS IPv6 Administrative Tag

OSPF Limit on Number of Redistributed Routes

Firewall Stateful Inspection of ICMP

BGP mvpn BGP safi IPv4

BGP-VPN Distinguisher Attribute

VLANs over IP Unnumbered SubInterfaces

IP Overlapping Address Pools

Configuring NAT for IP Address Conservation

Dynamic Bandwidth Sharing

Per-Flow Admission. Finding Feature Information. Prerequisites for Per-Flow Admission

RADIUS Route Download

MPLS over GRE. Finding Feature Information. Prerequisites for MPLS VPN L3VPN over GRE

BGP Graceful Shutdown

BGP Support for Next-Hop Address Tracking

BGP Named Community Lists

802.1P CoS Bit Set for PPP and PPPoE Control Frames

Per-Flow Admission. Finding Feature Information. Prerequisites for Per-Flow Admission

VRF-Aware Cloud Web Security

DHCP Server Port-Based Address Allocation

AAA Server Groups. Finding Feature Information. Information About AAA Server Groups. AAA Server Groups

The ISG RADIUS Proxy Support for Mobile Users Hotspot Roaming and Accounting Start Filtering feature

OSPFv2 Local RIB. Finding Feature Information

Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure

BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

Configuring IP SLAs ICMP Echo Operations

BGP Support for Dual AS Configuration for Network AS Migrations

Configuring OSPF TTL Security Check and OSPF Graceful Shutdown

MSRPC ALG Support for Firewall and NAT

Restrictions for Secure Copy Performance Improvement

PIM Allow RP. Finding Feature Information. Restrictions for PIM Allow RP

Configuring VoIP Call Setup Monitoring

BGP Support for Next-Hop Address Tracking

Configuring IP SLAs ICMP Echo Operations

Regulating Packet Flow on a Per-Interface Basis Using Generic Traffic Shaping

BGP Policy Accounting

SIP ALG Resilience to DoS Attacks

Loose Checking Option for TCP Window Scaling in Zone-Based Policy Firewall

URI-Based Dialing Enhancements

IP SLAs TWAMP Responder

Configurable Queue Depth

Finding Feature Information

URI-Based Dialing Enhancements

PPP over Frame Relay

Using the Multicast Routing Monitor

L2TP IPsec Support for NAT and PAT Windows Clients

ibgp Multipath Load Sharing

Flow-Based per Port-Channel Load Balancing

QoS Policy Propagation via BGP

BGP-MVPN SAFI 129 IPv6

Implementing NAT-PT for IPv6

Transcription:

The feature enables you to configure a NAT routemap configuration that allows IP sessions to be initiated from outside the network to inside the network. This module explains how to configure the feature. Restrictions for NAT Route Maps Outside-to-Inside, on page 1 Information About NAT Route Maps Outside-to-inside, on page 1 How to Enable NAT Route Maps Outside-to-inside, on page 3 Configuration Examples for NAT Route Maps Outside-to-inside, on page 4 Additional References for NAT Route Maps Outside-to-Inside, on page 4 Feature Information for NAT Route Maps Outside-to-Inside, on page 5 Restrictions for NAT Route Maps Outside-to-Inside Only IP hosts that are part of a route map configuration will allow outside sessions. Outside-to-inside support is not available with Port Address Translation (PAT). Outside sessions must use an access list. Access lists with reversible route maps must be configured to match the inside-to-outside traffic. The match interface and match next-hop commands are not supported for reversible route maps. Information About NAT Route Maps Outside-to-inside Route Maps Outside-to-Inside Design An initial session from the inside to the outside host is required to trigger a NAT. New translation sessions can then be initiated from outside to the inside host that triggered the initial translation. When route maps are used to allocate global addresses, the global address can allow return traffic, and the return traffic is allowed only if the return traffic matches the defined route map in the reverse direction. The outside-to-inside functionality remains unchanged (by not creating additional entries to allow the return traffic 1

Route Maps Outside-to-Inside Design for a route-map-based dynamic entry) unless you configure the reversible keyword with the ip nat inside source command. Note Access lists with reversible route maps must be configured to match the inside-to-outside traffic. Only IP hosts that are part of the route-map configuration will allow outside sessions. Outside-to-inside support is not available with PAT. Outside sessions must use an access list. The match interface and match ip next-hop commands are not supported for reversible route maps. Reversible route maps are not supported for static NAT. SUMMARY STEPS 1. enable 2. configure terminal 3. ip nat pool name start-ip end-ip netmask netmask 4. ip nat inside source route-map name pool name reversible 5. exit DETAILED STEPS Step 1 enable Enables privileged EXEC mode. Enter your password if prompted. Router> enable Step 2 configure terminal Enters global configuration mode. Step 3 Router(config)# configure terminal ip nat pool name start-ip end-ip netmask netmask Defines a pool of network addresses for NAT. Router(config)# ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128 Step 4 ip nat inside source route-map name reversible pool name Enables outside-to-inside initiated sessions to use route maps for destination-based NAT. Step 5 Router(config)# ip nat inside source route-map MAP-A pool POOL-A reversible exit Exits global configuration mode and enters privileged EXEC mode. 2

How to Enable NAT Route Maps Outside-to-inside Router(config)# exit How to Enable NAT Route Maps Outside-to-inside Enabling NAT Route Maps Outside-to-Inside The NAT Route Maps Outside-to-Inside feature enables you to configure a Network Address Translation (NAT) route map configuration. It allows IP sessions to be initiated from the outside to the inside. Perform this task to enable the NAT Route Maps Outside-to-Inside feature. SUMMARY STEPS 1. enable 2. configure terminal 3. ip nat pool name start-ip end-ip netmask netmask 4. ip nat pool name start-ip end-ip netmask netmask 5. ip nat inside source route-map name pool name [reversible] 6. ip nat inside source route-map name pool name [reversible] 7. end DETAILED STEPS Step 1 Step 2 Step 3 Step 4 enable Device> enable configure terminal Device(config)# configure terminal ip nat pool name start-ip end-ip netmask netmask Device(config)# ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128 ip nat pool name start-ip end-ip netmask netmask Device(config)# ip nat pool POOL-B 192.168.201.7 192.168.201.9 netmask 255.255.255.128 Enables privileged EXEC mode. Enter your password if prompted. Enters global configuration mode. Defines a pool of network addresses for NAT. Defines a pool of network addresses for NAT. 3

Configuration Examples for NAT Route Maps Outside-to-inside Step 5 Step 6 Step 7 ip nat inside source route-map name pool name [reversible] Device(config)# ip nat inside source route-map MAP-A pool POOL-A reversible ip nat inside source route-map name pool name [reversible] Device(config)# ip nat inside source route-map MAP-B pool POOL-B reversible end Device(config)# end Enables outside-to-inside initiated sessions to use route maps for destination-based NAT. Enables outside-to-inside initiated sessions to use route maps for destination-based NAT. (Optional) Exits global configuration mode and returns to privileged EXEC mode. Configuration Examples for NAT Route Maps Outside-to-inside Enabling NAT Route Maps Outside-to-Inside The following example shows how to configure route map A and route map B to allow outside-to-inside translation for a destination-based Network Address Translation (NAT): ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128 ip nat pool POOL-B 192.168.201.7 192.168.201.9 netmask 255.255.255.128 ip nat inside source route-map MAP-A pool POOL-A reversible ip nat inside source route-map MAP-B pool POOL-B reversible Additional References for NAT Route Maps Outside-to-Inside Related Documents Related Topic Cisco IOS commands NAT commands Document Title Cisco IOS Master Command List, All Releases Cisco IOS <<Technology>> Command Reference 4

Feature Information for NAT Route Maps Outside-to-Inside Technical Assistance Description The Cisco and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco and Documentation website requires a Cisco.com user ID and password. Link http://www.cisco.com/cisco/web/support/index.html Feature Information for NAT Route Maps Outside-to-Inside The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Table 1: Feature Information for NAT Route Maps Outside-to-Inside Feature Name NAT Route Maps Outside-to-Inside Releases 12.3(14)T Feature Information The NAT Route Maps Outside-to-Inside feature enables you to configure a NAT route map configuration that allows IP sessions to be initiated from the outside to the inside. The following command was introduced or modified: ip nat inside. 5

Feature Information for NAT Route Maps Outside-to-Inside 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback