Publication Date: 2019-07-12 | Document ID: EKB1000090157
Step 1 Run the display current-configuration command to check the configuration. The command output shows that traffic from intranet users to the public IP address x.x.180.10 is not redirected in the PBR configuration.
acl number 2000
 rule 10 permit source x.x.0.0 0.0.0.255
acl number 2999
 rule 5 permit
acl number 3001
 rule 11 permit ip source x.x.0.0 0.0.255.255 destination x.x.180.10 0
traffic classifier vlan11 operator or
 if-match acl 3001
traffic classifier vlan10 operator or
 if-match acl 2000
traffic behavior vlan11
traffic behavior vlan10
 redirect ip-nexthop x.x.180.9
traffic policy vlan10
 classifier vlan11 behavior vlan11
 classifier vlan10 behavior vlan10
ip address x.x.100.1 255.255.255.0
traffic-policy vlan10 inbound
nat server protocol tcp global interface GigabitEthernet0/0/2 www inside 192.168.0.140 www
ip address x.x.180.10 255.255.255.252
nat server protocol tcp global current-interface www inside 192.168.0.140 www
nat outbound 2999
Step 2 Analyze the ping operation from HostA to the server.
Phase 1: HostA sends data to the server.
x.x.1.100 x.x.0.140 //GE0/0/0 translates the public IP address x.x.180.10 to the private IP address x.x.0.140 based on the NAT flow table.
x.x.100.1 x.x.0.140 //GE0/0/0 translates the private IP address x.x.1.100 to the public IP address x.x.100.1 based on the NAT flow table.
Phase 2: The server sends data to HostA.
x.x.0.140 x.x.100.1 //The traffic does not match ACL 3001 and is redirected.
x.x.0.140 x.x.1.100 //GE0/0/0 translates the public IP address x.x.100.1 to the private IP address x.x.1.100 based on the NAT flow table.
x.x.180.10 x.x.1.100 //GE0/0/0 translates the private IP address x.x.0.140 to the public IP address x.x.180.10 based on the NAT flow table.
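
The classification that the Step 1 policy applies to the Step 2 packets, as an added example (not from the original document or the vendor). It assumes the classifiers in traffic policy vlan10 are evaluated in the listed order with the first match winning, and it substitutes constructed addresses for the masked x.x values.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def wc_match(addr, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# Constructed stand-ins for the page's masked x.x addresses (assumptions).
PUBLIC, NEXTHOP = "203.0.113.10", "203.0.113.9"   # x.x.180.10, x.x.180.9
HOST_A, SERVER, GW = "192.168.1.100", "192.168.0.140", "192.168.100.1"

# ACLs from Step 1 as (src, src_wildcard, dst, dst_wildcard); None = any.
ACLS = {
    2000: [("192.168.0.0", "0.0.0.255", None, None)],
    3001: [("192.168.0.0", "0.0.255.255", PUBLIC, "0.0.0.0")],
}
# traffic policy vlan10: (classifier, ACL, redirect next hop or None).
# Assumption: evaluated top to bottom, first match wins.
POLICY = [("vlan11", 3001, None), ("vlan10", 2000, NEXTHOP)]

def acl_permits(acl, src, dst):
    for s, sw, d, dw in ACLS[acl]:
        if wc_match(src, s, sw) and (d is None or wc_match(dst, d, dw)):
            return True
    return False

def classify(src, dst):
    """Return (classifier, next hop) of the first matching classifier."""
    for name, acl, nexthop in POLICY:
        if acl_permits(acl, src, dst):
            return name, nexthop
    return None, None

# The two inbound packets from Step 2 that the policy has to classify.
FLOWS = [
    ("Phase 1: HostA -> public address", HOST_A, PUBLIC),
    ("Phase 2: server reply to the NATed source", SERVER, GW),
]

def walk():
    return [(label, *classify(s, d)) for label, s, d in FLOWS]

if __name__ == "__main__":
    for label, name, nexthop in walk():
        print(f"{label}: classifier={name} redirect={nexthop}")
```

The Phase 2 reply falls through classifier vlan11 because its destination is the interface address rather than the public address, so classifier vlan10 matches it on source alone and redirects it.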