[c-nsp] Multiple NAT & Rerouting Web Traffic

Jan Gregor jan.gregor at chronix.org
Wed Sep 8 08:47:40 EDT 2010


Hi,

Glad that the first part worked. I would suggest changing the PBR route-map to
"set interface Dialer3". Maybe that helps, maybe not :).

Best regards,

Jan

On 09/07/2010 06:57 PM, Ray Davis wrote:
> Thanks for the help!
> 
> I tried my previous test config again except with this difference...
> 
>     ip access-list extended NAT_Exempt
>     deny tcp any any eq www
>     deny tcp any any eq 443
>     deny   ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255
>     deny   ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255
>     permit ip 192.168.8.0 0.0.0.255 any
> 
> If I do a "sh ip nat translations" it looks like http traffic is being NATed correctly:
> 
> HTTP Traffic (123.123.123.123 is the VDSL ip address):
>   tcp 123.123.123.123:14757   192.168.8.1:14757     212.96.133.192:80     212.96.133.192:80
> 
> Non-HTTP Traffic (12.34.12.34 is the SDSL ip address (default)):
>   tcp 12.34.12.34:50004     192.168.8.115:50004   93.133.195.154:5938   93.133.195.154:5938
> 
> But doesn't seem to go out the correct interface.  At least there is never an http connection made.  :/
> 
> Cheers,
> Ray
> 
> On 6. Sep 2010, at 22:35 Uhr, Jan Gregor wrote:
> 
>> Hi,
>>
>>> access-list 110 remark ***** ACL route-map RerouteWebTraffic *****
>>> access-list 110 permit tcp any any eq www
>>> access-list 110 permit tcp any any eq 443
>>>
>>> route-map sdsl permit 10
>>> match ip address NAT_Exempt
>>>
>>> ip access-list extended NAT_Exempt
>>> deny   ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255
>>> deny   ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255
>>> permit ip 192.168.8.0 0.0.0.255 any
>>
>> I guess this is the problem. Try denying things allowed in acl 110 away
>> from acl NAT_Exempt and see if that helps (be sure that these new denies
>> are before permit in that acl).
>>
>> Best regards,
>>
>> Jan
>>
> 
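
An added example, not part of the thread: a small Python model of first-match ACL evaluation, run over the NAT_Exempt entries quoted above, showing why the web-traffic denies only take effect when they sit before the final permit. The evaluator and all of its names are assumptions for illustration (not Cisco code), and it handles only the `ip`/`tcp`, `any`, wildcard-mask and `eq` forms that appear in this thread.

```python
import ipaddress

PORTS = {"www": 80}  # IOS port keyword used in the thread
ORIGINAL = """\
deny   ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255
deny   ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 any
"""
WEB_DENIES = "deny tcp any any eq www\ndeny tcp any any eq 443\n"
REVISED = WEB_DENIES + ORIGINAL      # denies before the permit (Ray's test config)
MISORDERED = ORIGINAL + WEB_DENIES   # constructed: denies placed after the permit

def _addr(tokens):
    """Consume 'any' or 'base wildcard'; return (base, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wild

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        t = line.split()
        if not t:
            continue
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = (PORTS.get(t[1]) or int(t[1])) if t and t[0] == "eq" else None
        entries.append((action, proto, src, dst, port))
    return entries

def _ip_match(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl_text, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, a_proto, a_src, a_dst, a_port in parse_acl(acl_text):
        if a_proto not in ("ip", proto):
            continue
        if a_port is not None and a_port != dport:
            continue
        if _ip_match(src, a_src) and _ip_match(dst, a_dst):
            return action
    return "deny"
```

Here "permit" means the packet is matched by `route-map sdsl` through `match ip address NAT_Exempt`, and "deny" means it is not.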

