Thursday, December 20, 2018

Converting Cisco IOS NAT to Cisco ASA NAT

Hello all,

I'm trying to configure a Cisco ASA 5516 to replace an old Cisco 1841 router for a customer but I am having difficulty converting some of the NAT rules. Whoever put the config together appears to have put conditional NAT in place but I do not understand what is happening in the following example:

!
ip nat inside source static tcp 10.0.0.227 443 <publicIP> 443 route-map SDM_RMAP_2 extendable
!
route-map SDM_RMAP_2 permit 1
 match ip address 111
!
access-list 111 remark CCP_ACL Category=2
access-list 111 deny ip host 10.0.0.231 192.168.0.64 0.0.0.63
access-list 111 permit tcp host 10.0.0.231 eq 443 any

From my understanding the NAT translation is only meant to take place if it meets the criteria of the route-map. However, the ACL contains an inside IP that is completely unrelated.

Any help would be appreciated. TIA!


