Re: Excluding a subnet from natting - route-map vs access-list

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Sun, 15 May 2011 14:45:51 +1000

Thanks Garry/Andrew,

@Garry:
Actually, as I have mentioned, I have a specific scenario - 2 interfaces - inside
and outside only. No dual-homing etc.
>>Noticed, I am not tweaking any metric or anything.
So I still can't see why anyone would use a route-map in my examples. Both
the route-map and the simple NAT ACL are producing the same result.

I think as you both have mentioned - route-map is flexible and list ACL is
not.

Need to read between the lines for this one or just use the route-map.

On Sun, May 15, 2011 at 1:17 PM, garry baker <baker.garry_at_gmail.com> wrote:

> Note 2
> The advantage of using route-maps is that under the match command you can
> have more options other than source IP address. For example, under the
> route-map, match interface or match ip next-hop can be specified. By using
> route-maps, you can specify the IP address as well as the interface or the
> next-hop address to which the packet is to be forwarded. Therefore,
> route-maps with NAT are used in a scenario where the subscriber is
> multi-homing to different ISPs.
>
>
> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
>
> --
> Garry L. Baker
>
> "With sufficient thrust, pigs fly just fine..." - RFC 1925
>
>
>
> On Sun, May 15, 2011 at 4:51 AM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:
>
>> Folks,
>> In the scenario below, where I am excluding 192.168.1.0/24 from NAT - in what
>> scenario would I use a route-map?
>> Noticed, I am not tweaking any metric or anything.
>>
>> Task# exclude 192.168.1.0/24 from NAT
>>
>> My understanding is that both solutions will work, but the easier one is solution#2
>> without a route-map. Saves time in typing :)
>>
>> What are your thoughts?
>>
>> --------------- Solution#1----------------
>> ip access-list extended NAT
>> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
>> permit ip any any
>>
>> route-map POLICY-NAT 10
>> match ip address NAT
>>
>> ip nat inside source route-map POLICY-NAT interface s0/0 overload
>>
>> interface f1/0
>> ip nat inside
>>
>> interface s0/0
>> ip nat outside
>>
>> ----------Solution#2---------------
>> ip access-list extended NAT
>> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
>> permit ip any any
>>
>> ip nat inside source list NAT interface s0/0 overload
>>
>> interface f1/0
>> ip nat inside
>>
>> interface s0/0
>> ip nat outside
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Received on Sun May 15 2011 - 14:45:51 ART

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:11 ART
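
As an added illustration (not part of the original thread and not Cisco's code), this Python model evaluates the thread's ACL for both solutions and shows where a route-map with an extra `match interface` line starts to differ. The sample flows and the second uplink `s0/1` are constructed, and `match interface` is modeled as a plain comparison with the outgoing interface.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# The extended ACL "NAT" from the thread: (action, source, destination)
ACL_NAT = [
    ("deny", ("192.168.1.0", "0.0.0.255"), ("192.168.2.0", "0.0.0.255")),
    ("permit", ANY, ANY),
]

def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in acl:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action == "permit"
    return False

def nat_by_list(src, dst):
    """Solution #2 model: translate when the ACL permits the flow."""
    return acl_permits(ACL_NAT, src, dst)

def nat_by_route_map(src, dst, out_if, match_interface=None):
    """Solution #1 model: one permit clause; every match line in it must hold."""
    if not acl_permits(ACL_NAT, src, dst):
        return False
    return match_interface is None or out_if == match_interface

# Constructed sample flows: (source, destination, outgoing interface)
FLOWS = [
    ("192.168.1.10", "192.168.2.20", "s0/0"),  # the exempted subnet pair
    ("192.168.1.10", "8.8.8.8", "s0/0"),
    ("192.168.3.5", "192.168.2.20", "s0/0"),
    ("192.168.1.10", "8.8.8.8", "s0/1"),       # hypothetical second uplink
]

def compare(flows):
    """Per flow: (list, route-map, route-map with 'match interface s0/0')."""
    return [(nat_by_list(s, d), nat_by_route_map(s, d, i),
             nat_by_route_map(s, d, i, "s0/0")) for s, d, i in flows]

if __name__ == "__main__":
    for flow, result in zip(FLOWS, compare(FLOWS)):
        print(flow, result)
```

The first two columns are identical for every flow, which matches the observation in the thread; only the third column, with the additional match condition, changes the outcome on the second uplink.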