[c-nsp] Multiple NAT & Rerouting Web Traffic
Jan Gregor
jan.gregor at chronix.org
Mon Sep 6 16:35:04 EDT 2010
Hi,
> access-list 110 remark ***** ACL route-map RerouteWebTraffic *****
> access-list 110 permit tcp any any eq www
> access-list 110 permit tcp any any eq 443
>
> route-map sdsl permit 10
> match ip address NAT_Exempt
>
> ip access-list extended NAT_Exempt
> deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255
> deny ip 192.168.8.0 0.0.0.255 192.168.7.0 0.0.0.255
> permit ip 192.168.8.0 0.0.0.255 any
I guess this is the problem. Try denying things allowed in acl 110 away
from acl NAT_Exempt and see if that helps (be sure that these new denies
are before permit in that acl).
Best regards,
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20100906/53e3b2c5/attachment.bin>
More information about the cisco-nsp
mailing list