Hi,
Recently I've gotten more into doing NAT at sites. I've noticed that it seems that when customers use the GUI, it does something like :
ip nat inside source list 2 interface Serial0/1/0 overload access-list 2 remark SDM_ACL Category=18 access-list 2 permit 192.168.25.0 0.0.0.255 access-list 2 permit 192.168.50.0 0.0.0.255 access-list 2 permit 192.168.75.0 0.0.0.255 access-list 2 permit 10.0.0.0 0.0.0.255
I set up a router at my own site, using an example from another site (Just because of dual transits, ip sla monitoring, tracking, etc) and it used :
ip nat inside source route-map HUGHES interface Ethernet1/0 overload ip nat inside source route-map SEABREEZE interface Ethernet0/0 overload
route-map HUGHES permit 10 match interface Ethernet1/0 ! route-map SEABREEZE permit 10 match interface Ethernet0/0
Is there one that is generally "more preferred" over the other? Are there advantages of one over the other?
One of the things I can't seem to do on my config is telnet into the "ip nat outside" ports on the router. If I do, I get an entry in the NAT table for :
Pro Inside global Inside local Outside local Outside global tcp 192.168.75.49:3 192.168.75.49:23 208.45.247.233:25922
208.45.247.233:25 922so it looks like its being subject to NAT even though I'm trying to reach the 192.168.75.49 locally (And yea, I can do it, since I'm trying to telnet from a "directly attached" interface on the opposing router configured as :
interface GigabitEthernet0/0 description $ETH-SW-LAUNCH$$INTF-INFO-GE0/0$$ES_LAN$$FW_INSIDE$$ETH- LAN$ ip address 10.0.0.1 255.255.255.0 secondary ip address 192.168.75.1 255.255.255.0 secondary ip address 192.168.50.1 255.255.255.0 secondary ip address 208.45.247.233 255.255.255.248 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow duplex auto speed auto no mop enabled
(Though, I *WISH* it would try to telnet from the 75.1, which is in the same subnet as my 75.49!)
Thanks, Tuc