No announcement yet.

nat + route-map

  • Filter
  • Time
  • Show
Clear All
new posts

  • nat + route-map

    I have on my router something like this one:

    ip nat inside source static tcp 22 19345

    that is used to pass ssh through port 19345

    Now I want to limit access to my router for computers using ssh. Let say that I have to allow ssh accces only from 45.78.23.XX network. How I going to that?

    With route map? How?

    There is one option with ip nat inside ... which is called expendable. I could not find what it is used for?

  • #2
    Re: nat + route-map

    I have forgotten to say I am using Cisco 2801,


    • #3
      Re: nat + route-map

      Hi Perebu

      This should help give you an idea of how to configure the route map:



      • #4
        Re: nat + route-map

        Well, it does not tell me a lot.

        Let say that I want to establish ssh communication from one address location down the internet to my server on the private address with public address allocated from my ISP. Then:

        ip nat source static tcp 20 12345 route-map mymap

        route-map mymap permit 10
        match ip address 110

        ip access-list 110 ip host host

        Basically, I want to limit ssh access to my server behind nat.


        • #5
          Re: nat + route-map


          Let me resume what problem how to set ssh conection with accsess list which will deny access from all but one location to the server inside private network.

          Well, I have tried to simplify. In fact I have another interface Tunnel6, which is configured with ip nat outside, and then I have two interface with ip nat outside. No the question is how to design that one particular nat translation is for one interface, while other translation are used for second interface.
          I guess it could be done with route-map, but how?