Network Advisor: March 2007

Wednesday, March 21, 2007

Static NAT to a range of TCP ports

Question: I want to map a range of TCP ports to an internal host from the internet. I could use the ip nat inside static tcp command for mapping a specific port, but what if I want to map the TCP port range from 8000 to 8050? Is there a way to do that with a single command?

Answer
1. Create the static translation:
ip nat inside source static 192.168.60.10 172.16.181.195 route-map MAP extendable
ip nat inside source static tcp 192.168.1.2 80 172.17.181.195 80 extendable

2. Define the port range
access-list 101 permit tcp host 192.168.60.10 range 8000 8050 any

route-map MAP permit 10
match ip address 101

Frame-relay static route problem

FAQ

The problem occurs when two routers are connected via a frame-relay switch (a 2522 router). The configuration on the switch is correct, as well as on both routers. A loopback interface has been created on router RB, i.e. RB has 20.0.0.0/8, while on router RA the static route is defined as
ip route 20.0.0.0 255.0.0.0 serial 0

RA was not able to send packets to 20.0.0.0/8; when debug was run, it showed an error like "encapsulation failed". When the static route was replaced with one pointing to the next-hop IP, it worked fine. Why?

When a layer 3 packet is going to be sent out, the router must know the layer 2 header in which to encapsulate it. In this case, it must know which DLCI number (as well as other layer 2 information) to use to encapsulate the IP packet. If you only indicate a connected interface for the static route, and there are many DLCI numbers on this interface, the router will not know which DLCI number to use and thus gives you an encapsulation failure message.

On the other hand, if you indicate a next-hop address on the static route and there is a frame-relay map which maps a DLCI number to this next-hop address, the router will know the exact DLCI number to encapsulate the IP packet and the packet will be sent out successfully.
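
The two static routes side by side, as an added example that is not part of the original post. The 10.1.1.0/24 link addressing, RB's address 10.1.1.2 and DLCI 102 are assumed placeholder values; only 20.0.0.0/8 and Serial0 come from the question.

```cisco
! Router RA. All addresses and the DLCI below are constructed for illustration.
interface Serial0
 ip address 10.1.1.1 255.255.255.0
 encapsulation frame-relay
 ! Layer 3 to layer 2 mapping: next hop 10.1.1.2 (RB) is reached through DLCI 102
 frame-relay map ip 10.1.1.2 102 broadcast
!
! Fails with "encapsulation failed": the route names only the interface, so the
! router looks for a map entry for the destination itself (for example 20.0.0.1)
! and finds none, because the only map entry is for 10.1.1.2.
! ip route 20.0.0.0 255.0.0.0 Serial0
!
! Works: the route resolves to next hop 10.1.1.2, which the frame-relay map
! ties to DLCI 102, so the layer 2 header can be built.
ip route 20.0.0.0 255.0.0.0 10.1.1.2
```

After the change, show frame-relay map should list 10.1.1.2 against DLCI 102, and show ip route 20.0.0.0 should show the route via 10.1.1.2.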

Review from a Cisco end user

The posted review is based on my experience managing and configuring Cisco products such as access switches, routers, core switches, etc.