Route-map vs. access-list.

Discussion in 'Cisco' started by AM, Jul 25, 2005.

  1. AM

    AM Guest

    Hi all,

    till now I always used route-map on NAT rule to avoid translations of traffic directed to the other LAN through a VPN
    tunnel. But route-map section has only a match rule to an ACL.

    I've been applying that method as an external consultant told us but now I would ask you if the same result will be
    obtained using simply an ACL instead of a route-map.

    So below follows the real configuration


    ip nat inside source route-map vpn_2hq interface Dialer0 overload
    ....
    route-map vpn_2hq permit 10
    match ip address 131
    ....
    access-list 131 deny ip 10.134.3.0 0.0.0.255 192.168.31.0 0.0.0.255
    access-list 131 permit ip 10.134.3.0 0.0.0.255 any


    but should the next one be correct as well?

    ip nat inside source list 131 vpn_2hq interface Dialer0 overload
    ....
    access-list 131 deny ip 10.134.3.0 0.0.0.255 192.168.31.0 0.0.0.255
    access-list 131 permit ip 10.134.3.0 0.0.0.255 any


    Alex.
     
    AM, Jul 25, 2005
    #1
    1. Advertising

  2. AM

    Guest

    As long as there is no action taken on the match, then an ACL should
    work fine.

    I would use: ip nat inside source list 131 interface Dialer0 overload
     
    , Aug 1, 2005
    #2
    1. Advertising

  3. AM

    paranic Guest

    maybe he cant use
    ip nat inside source list 131 interface Dialer0 overload

    because above match ip address 131 on his route-map has a line similar
    to this
    route-map vpn_2hq permit 10
    match ip address 131
    match interface Dialer1

    in order to NAT only traffic from dialer 1
    and then default route everything to some other dialer or atm interface
    without NAT
    ip route 0.0.0.0 0.0.0.0 Dialer2
     
    paranic, Aug 1, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tarek Hamdy
    Replies:
    12
    Views:
    5,658
    Tarek Hamdy
    Oct 7, 2004
  2. AM
    Replies:
    3
    Views:
    670
  3. Replies:
    1
    Views:
    5,284
    Barry Margolin
    Aug 13, 2005
  4. Dil
    Replies:
    0
    Views:
    1,362
  5. Replies:
    9
    Views:
    5,627
    Scott Perry
    Aug 7, 2008
Loading...

Share This Page