I had an ALG bug which I raised with TAC. It took 8 months and 4 TAC Engineers (I use the word Engineers loosely), but finally they released an IOS with a specific fix. We got there in the end.

On 19 April 2013 09:57, Reuben Farrelly <reuben-cisco-...@reub.net> wrote:

> Yes it certainly should work, however I found that it doesn't always work
> properly, specifically for SIP traffic (TCP and UDP traffic worked fine).
> The SIP ALG is broken and you'll find traffic will exit one interface but
> the SIP ALG will sometimes rewrite the SIP header to have the other
> interfaces' outside IP.
>
> It looked like an elegant solution to a simple problem; the config I had
> was something like this:
>
> route-map internet-nat-access permit 10
>  match interface FastEthernet0/1
> !
> route-map tunnel-nat-access permit 10
>  match interface Tunnel0
>
> ip nat inside source route-map internet-nat-access interface FastEthernet0/1 overload
> ip nat inside source route-map tunnel-nat-access interface Tunnel0 overload
>
> I was controlling which interface the traffic went out with static routes.
> Disabling the SIP ALG didn't resolve the problem either.
>
> I had a TAC case open for over 15 months in which I had a 100%
> reproducible test case across multiple platforms and multiple versions of
> IOS, and eventually after much "persistence" and 3 or so TAC engineers
> later, TAC agreed that yes, it was indeed a bug.
>
> It was raised as CSCue13042 in January (SR 619832003).
>
> Unfortunately, and to my extreme frustration, it changed status without
> warning to "Terminated (Unreproducible)" just last week.
>
> So - YMMV. The config suggested "mostly" works. Which is more than I can
> say for TAC in this instance.
>
> Reuben
>
> On 19/04/2013 5:03 PM, CCIE Ninja wrote:
>
>> I guess this would work, if you match on outgoing interface?
>>
>> route-map SP_A_NAT
>>  match interface $MY_OUTGOING_INTERFACE
>>
>> ip nat inside source 155.1.5.5 155.1.13.7 route-map SP_A_NAT
>>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/