[c-nsp] "ip nat ... route-map foo" doesn't work in 12.3(26)?
Gerald Krause
gk at ax.tc
Tue Oct 28 19:08:45 EDT 2008
Hi folks,
do I miss something or is this a bug?
This work:
==========
!
int f0
ip nat inside
!
int f1
ip nat outside
!
!
ip nat inside source static network 192.168.1.0 10.0.106.0 /24
!
host-command
------------
ping 192.168.1.171 -> 192.168.106.185
local-cpe# debug ip nat detail
------------------------------
Oct 28 22:04:41.234: NAT: Create inside host entry from network translation:
Oct 28 22:04:41.234: 192.168.1.171 -> 10.0.106.171 (192.168.1.0 ->
10.0.106.0)
Oct 28 22:04:41.234: NAT: i: icmp (192.168.1.171, 1024) ->
(192.168.106.185, 1024) [28798]
Oct 28 22:04:41.238: NAT: s=192.168.1.171->10.0.106.171,
d=192.168.106.185 [28798]
Oct 28 22:04:41.238: NAT: installing alias for address 10.0.106.171
Oct 28 22:04:41.302: NAT*: o: icmp (192.168.106.185, 1024) ->
(10.0.106.171, 1024) [4174]
Oct 28 22:04:41.302: NAT*: s=192.168.106.185,
d=10.0.106.171->192.168.1.171 [4174]
Oct 28 22:04:42.234: NAT*: i: icmp (192.168.1.171, 1024) ->
(192.168.106.185, 1024) [28799]
Oct 28 22:04:42.234: NAT*: s=192.168.1.171->10.0.106.171,
d=192.168.106.185 [28799]
remote-cpe#sh ip nat tr
-----------------------
... Outside local Outside global
... 10.0.106.171:1024 10.0.106.171:1024
This does not work:
===================
!
int f0
ip nat inside
!
int f1
ip nat outside
!
!
ip nat inside source static network 192.168.1.0 10.0.106.0 /24 route-map foo
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.106.0 0.0.0.255
!
route-map foo permit 10
match ip address 100
!
host-command
------------
ping 192.168.1.171 -> 192.168.106.185
local-cpe# debug ip nat detail
------------------------------
Oct 28 22:07:00.235: NAT: map match foo
Oct 28 22:07:00.239: NAT: Create inside host entry from network translation:
Oct 28 22:07:00.239: 192.168.1.171 -> 10.0.106.171 (192.168.1.0 ->
10.0.106.0)
Oct 28 22:07:00.239: NAT: map match foo
Oct 28 22:07:00.239: NAT: installing alias for address 10.0.106.171
-> no further "NAT: s=192.168.1.171->10.0.106.171..." log messages!
remote-cpe#sh ip nat tr
-----------------------
...Outside local Outside global
...192.168.1.171:1024 192.168.1.171:1024
--
Gerald (ax/tc)
More information about the cisco-nsp
mailing list