Pros/cons of ip nat "list" vs "route-map"

Discussion in 'Cisco' started by Tuc, Aug 2, 2007.

  1. Tuc

    Hi,

    Recently I've gotten more into doing NAT at sites. I've noticed
    that it seems that when customers use the GUI, it does something
    like:

    ip nat inside source list 2 interface Serial0/1/0 overload
    access-list 2 remark SDM_ACL Category=18
    access-list 2 permit 192.168.25.0 0.0.0.255
    access-list 2 permit 192.168.50.0 0.0.0.255
    access-list 2 permit 192.168.75.0 0.0.0.255
    access-list 2 permit 10.0.0.0 0.0.0.255


    I set up a router at my own site, using an example from another
    site (just because of dual transits, ip sla monitoring, tracking, etc)
    and it used:

    ip nat inside source route-map HUGHES interface Ethernet1/0 overload
    ip nat inside source route-map SEABREEZE interface Ethernet0/0 overload

    route-map HUGHES permit 10
    match interface Ethernet1/0
    !
    route-map SEABREEZE permit 10
    match interface Ethernet0/0


    Is there one that is generally "more preferred" over the other?
    Are there advantages of one over the other?

    One of the things I can't seem to do on my config is telnet
    into the "ip nat outside" ports on the router. If I do, I get an entry
    in the NAT table for:

    Pro Inside global      Inside local       Outside local         Outside global
    tcp 192.168.75.49:3    192.168.75.49:23   208.45.247.233:25922  208.45.247.233:25922

    so it looks like it's being subject to NAT even though I'm trying to
    reach the 192.168.75.49 locally (and yea, I can do it, since I'm trying
    to telnet from a "directly attached" interface on the opposing router
    configured as:

    interface GigabitEthernet0/0
    description $ETH-SW-LAUNCH$$INTF-INFO-GE0/0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
    ip address 10.0.0.1 255.255.255.0 secondary
    ip address 192.168.75.1 255.255.255.0 secondary
    ip address 192.168.50.1 255.255.255.0 secondary
    ip address 208.45.247.233 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    no mop enabled

    (Though, I *WISH* it would try to telnet from the 75.1, which is in
    the same subnet as my 75.49!)

    Thanks, Tuc
     
    Tuc, Aug 2, 2007