Send redback-nsp mailing list submissions to redback-nsp@puck.nether.net
To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/redback-nsp
or, via email, send a message with subject or body 'help' to
	redback-nsp-requ...@puck.nether.net

You can reach the person managing the list at
	redback-nsp-ow...@puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of redback-nsp digest..."

Today's Topics:

   1. NAT Exclude ACL (Michał Przywuski)

----------------------------------------------------------------------

Message: 1
Date: Thu, 10 Aug 2017 14:36:57 +0200
From: Michał Przywuski <mprzywu...@jmdi.pl>
To: redback-nsp@puck.nether.net
Subject: [rbak-nsp] NAT Exclude ACL
Message-ID: <2d878ef3-4b81-dd72-854d-698c50bd8...@jmdi.pl>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi,

I am looking for a method to exclude some class from NAT (for example
10.0.0.0/8).

I have this configuration, but the Redback drops packets belonging to
10.0.0.0/8.

Where am I making a mistake?

CLIPS]Dareek(config-policy-nat)#show configuration
Building configuration...

Current configuration:
!
context CLIPS
!
 no ip domain-lookup
!
 nat logging-profile nat-logging-profile
  export-version v9
  maximum ip-packet-size 1400
  source 10.3.37.179 port 37777
 !
!
 ip nat pool nat-pool-1 napt paired-mode logging
  paired-mode subscriber over-subscription 64 port-limit 2000
  logging-profile nat-logging-profile
  address 185.102.191.242/32 port-block 0 to 15
!
 ip nat pool natpool napt multibind
!
 nat policy nat-policy enhanced
  connections tcp maximum 1000
  connections udp maximum 1000
! Default class
  pool nat-pool-1 CLIPS
  endpoint-independent filtering tcp
  endpoint-independent filtering udp
  inbound-refresh udp
  icmp-notification
! Named classes
  access-group NAT-ACL
   class CLASS-IGN
    ignore
    inbound-refresh udp
    icmp-notification
!
 nat policy natpolicy
! Default class
  pool natpool clips
  inbound-refresh udp
  icmp-notification
!
 interface Biuro
!
 interface Radius loopback
  ip address 185.102.191.243/32
!
 interface TEST
  ip address 80.238.114.186/30
!
 interface To-Cisco-Pol
  ip address 10.29.0.1/30
!
 interface ZEW multibind
  ip address 185.102.191.245/30
  dhcp server interface
!
 interface clips multibind
  ip address 10.10.10.1/24
  dhcp server interface
!
 interface clips-nat multibind
  ip address 172.25.36.1/24
  dhcp server interface
 logging console
 logging syslog 10.1.10.15 facility local7
!
 policy access-list NAT-ACL
  seq 10 permit ip any 10.0.0.0 0.255.255.255 class CLASS-IGN
!
 aaa authentication administrator local
 aaa authentication administrator maximum sessions 1
 aaa authentication subscriber radius
!
 radius server 10.3.14.24 encrypted-key 29301649C0017C21
!
 subscriber default
  dhcp max-addrs 5
!
 ip route 0.0.0.0/0 context BGP
 ip route 10.0.0.0/8 10.29.0.2
!
 dhcp server policy
  subnet 10.10.10.0/24
   range 10.10.10.100 10.10.10.200
   option router 10.10.10.1
   option domain-name-server 8.8.8.8
  subnet 172.25.36.0/24
   range 172.25.36.100 172.25.36.200
   option router 172.25.36.1
   option domain-name-server 8.8.8.8
  subnet 185.102.191.244/30
   range 185.102.191.245 185.102.191.246
   option router 185.102.191.245
   option domain-name-server 8.8.8.8
!
!
!
end

-- 
Michał Przywuski
Network administrator.

------------------------------

End of redback-nsp Digest, Vol 109, Issue 3
*******************************************