I was playing around with policy NAT. I tried several variations to really understand policy NAT.

I was having trouble setting up a static NAT with a route-map check for outside-to-inside traffic using the reversible keyword. It seems that if you do not use the reversible keyword, all out->in traffic is allowed and is not checked against the route-map. If you use the reversible keyword, then the route-map is checked. However, for out->in traffic, it seems that when the route-map is checked, it only checks the IP protocol, and not the actual port number. I tried all variations of using port numbers, but none worked.

In the ACL for the route-map, I also put a permit tcp any any log at the end, and when an inbound telnet session was created I saw the following in the log:

    May 18 14:27:28.857: %SEC-6-IPACCESSLOGP: list r8anyacl permitted tcp 10.7.8.8(0) -> 7.56.0.6(0), 1 packet

As you can see, no port numbers are seen, only the IP protocol number (in this case tcp).

So the only way I can get an inbound TCP session from R6 to R8 on port 23, outside->inside, is by allowing all TCP traffic:

    ! ACL used by the route-map: matches only the protocol, since ports are not seen for out->in checks
    ip access-list extended r8testacl
     permit tcp host 10.7.8.8 host 7.56.0.6
    !
    ! route-map that references the ACL
    route-map r8test permit 10
     match ip address r8testacl
    !
    ! static NAT referencing the route-map (not the ACL) by name, with reversible so out->in traffic is checked
    ip nat inside source static 10.7.8.8 7.56.0.1 route-map r8test reversible

Am I missing anything here, or do inbound static NATs via route-maps not include port numbers and only include protocol numbers?

Thanks
