[c-nsp] NAt issue - two isp connections, need to nat 2nd isp for two dest addresses only
Richard Clayton
sledge121 at gmail.com
Fri Apr 19 06:11:12 EDT 2013
I had an ALG bug which I raised with TAC, took 8 months and 4 TAC Engineers
(I use the word Engineers loosely) but finally they released an IOS with a
specific fix, we got there in the end.
On 19 April 2013 09:57, Reuben Farrelly <reuben-cisco-nsp at reub.net> wrote:
> Yes it certainly should work, however I found that it doesn't always work
> properly, specifically for SIP traffic (TCP and UDP traffic worked fine).
> The SIP ALG is broken and you'll find traffic will exit one interface but
> the SIP ALG will sometimes rewrite the SIP header to have the other
> interfaces' outside IP.
>
> It looked like an elegant solution to a simple problem; the config I had
> was something like this:
>
> route-map internet-nat-access permit 10
> match interface FastEthernet0/1
> !
> route-map tunnel-nat-access permit 10
> match interface Tunnel0
>
> ip nat inside source route-map internet-nat-access interface
> FastEthernet0/1 overload
> ip nat inside source route-map tunnel-nat-access interface Tunnel0 overload
>
> I was controlling which interface the traffic went out with static routes.
> Disabling the SIP ALG didn't resolve the problem either.
>
> I had a TAC case open for over 15 months in which I had a 100%
> reproducible test case across multiple platforms and multiple versions of
> IOS, and eventually after much "persistence" and 3 or so TAC engineers
> later, TAC agreed that yes, it was indeed a bug.
>
> It was raised as CSCue13042 in January (SR 619832003).
>
> Unfortunately, and to my extreme frustration, it changed status without
> warning to "Terminated (Unreproducible)" just last week.
>
> So - YMMV. The config suggested "mostly" works. Which is more than I can
> say for TAC in this instance.
>
> Reuben
>
>
>
> On 19/04/2013 5:03 PM, CCIE Ninja wrote:
>
>> I guess this would work, if you match on outgoing interface?
>>
>> route-map SP_A_NAT
>> match interface $MY_OUTGOING_INTERFACE
>>
>> ip nat inside source 155.1.5.5 155.1.13.7 route-map SP_A_NAT
>>
>
> ______________________________**_________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/**mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
> archive at http://puck.nether.net/**pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>
>
More information about the cisco-nsp
mailing list