Send redback-nsp mailing list submissions to
        redback-nsp@puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://puck.nether.net/mailman/listinfo/redback-nsp
or, via email, send a message with subject or body 'help' to
        redback-nsp-requ...@puck.nether.net

You can reach the person managing the list at
        redback-nsp-ow...@puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of redback-nsp digest..."


Today's Topics:

   1. NAT Exclude ACL (Michał Przywuski)


----------------------------------------------------------------------

Message: 1
Date: Thu, 10 Aug 2017 14:36:57 +0200
From: Michał Przywuski <mprzywu...@jmdi.pl>
To: redback-nsp@puck.nether.net
Subject: [rbak-nsp] NAT Exclude ACL
Message-ID: <2d878ef3-4b81-dd72-854d-698c50bd8...@jmdi.pl>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi, I am looking for a method to exclude some class from NAT (for example
10.0.0.0/8).

I have this configuration, but the Redback drops packets belonging to 10.0.0.0/8.

Where did I make a mistake?


[CLIPS]Dareek(config-policy-nat)#show configuration
Building configuration...

Current configuration:
!
context CLIPS
!
  no ip domain-lookup
!
  nat logging-profile nat-logging-profile
   export-version v9
   maximum ip-packet-size 1400
   source 10.3.37.179 port 37777
!
!
  ip nat pool nat-pool-1 napt paired-mode logging
   paired-mode subscriber over-subscription 64 port-limit 2000
   logging-profile nat-logging-profile
   address 185.102.191.242/32 port-block 0 to 15
!
  ip nat pool natpool napt multibind
!
  nat policy nat-policy enhanced
   connections tcp maximum 1000
   connections udp maximum 1000
! Default class
   pool nat-pool-1 CLIPS
   endpoint-independent filtering tcp
   endpoint-independent filtering udp
   inbound-refresh udp
   icmp-notification
! Named classes
   access-group NAT-ACL
    class CLASS-IGN
     ignore
     inbound-refresh udp
     icmp-notification
!
  nat policy natpolicy
! Default class
   pool natpool clips
   inbound-refresh udp
   icmp-notification
!
  interface Biuro
!
  interface Radius loopback
   ip address 185.102.191.243/32
!
  interface TEST
   ip address 80.238.114.186/30
!
  interface To-Cisco-Pol
   ip address 10.29.0.1/30
!
  interface ZEW multibind
   ip address 185.102.191.245/30
   dhcp server interface
!
  interface clips multibind
   ip address 10.10.10.1/24
   dhcp server interface
!
  interface clips-nat multibind
   ip address 172.25.36.1/24
   dhcp server interface
  logging console
  logging syslog 10.1.10.15 facility local7
!
  policy access-list NAT-ACL
   seq 10 permit ip any 10.0.0.0 0.255.255.255 class CLASS-IGN
!
  aaa authentication administrator local
  aaa authentication administrator maximum sessions 1
  aaa authentication subscriber radius
!
  radius server 10.3.14.24 encrypted-key 29301649C0017C21
!
  subscriber default
    dhcp max-addrs 5
!
  ip route 0.0.0.0/0 context BGP
  ip route 10.0.0.0/8 10.29.0.2
!
  dhcp server policy
    subnet 10.10.10.0/24
      range 10.10.10.100 10.10.10.200
      option router 10.10.10.1
      option domain-name-server 8.8.8.8
    subnet 172.25.36.0/24
      range 172.25.36.100 172.25.36.200
      option router 172.25.36.1
      option domain-name-server 8.8.8.8
    subnet 185.102.191.244/30
      range 185.102.191.245 185.102.191.246
      option router 185.102.191.245
      option domain-name-server 8.8.8.8
!
!
!
end

-- 

Michał Przywuski
Network administrator.



------------------------------


End of redback-nsp Digest, Vol 109, Issue 3
*******************************************
