From: miken (miken@sisna.com)
Date: Mon May 12 2003 - 00:52:57 GMT-3
Take a look at this URL and notice where NAT takes place on the inbound
interface.
http://www.cisco.com/en/US/partner/tech/tk648/tk361/technologies_tech_note09
186a0080133ddd.shtml Regardless of whether you are applying your route-map
to a NAT statement or a policy route, I don't think it is going to solve the
requirement and as you mention, is not working.
What if you were to let NAT take place, then policy route based on the
de-NATed destination address and source address. If the source is the
226.10.1.1, then forward to E0, if no, then forward to Null0. Don't forget
to add a final permit any any so your normal Internet users can still go out
to the Internet. You still have to use ACLs, but they are applied to the
route-map and possibly your NAT statements, but not the interface for
filtering. Lab it up and see what you think. IMHO and in theory it should
work.
Any other ideas??
HTH,
Mike N
----- Original Message -----
From: "Abdul Waheed Ghaffar" <a_w_ghaffar@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, May 11, 2003 1:41 PM
Subject: NAT...
> Hi all,
>
> I have following configuration.
>
>
> e0------------------R1------S0--------------------INTERNET
>
>
> Some body from internet needs to be connected with a host A on Ethernet.I
> need to configure NAT such that only desired ip from internet ( let say
> 226.10.1.1 ) can access host 1 ( let say 10.1.0.90). I need to contro it
> via NAT not by putting accesslist on that interface....I tried route-map
> but its not working bcoz once the NAT table created we cannot control the
> outside access.
>
> Any idea?
>
> regards
>
> _________________________________________________________________
> MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
> http://join.msn.com/?page=features/virus
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:41 GMT-3