Cisco ip nat inside access list
Posted on 2013-01-18
I need to set an access list on an ip nat voip rule.
I have these nat rules that work fine:
ip nat inside source static tcp 192.168.11.254 80 57.23.88.xxx 80 extendable
ip nat inside source static udp 192.168.11.250 5060 57.23.88.xxx 5060 extendable
Now I need to allow only an access list to pass over ip nat on port 5060 (voip); port 80 is public, so no access list is required.
New rule for voip:
The access list:
access-list 100 permit udp 79.41.34.xxx 0.0.0.63 eq 5060 any
ip nat pool VOIP 192.168.11.250 192.168.11.250 netmask 255.255.255.0 type rotary
ip nat inside source list 100 pool VOIP
But this config doesn't work, all traffic was rejected, so what am I doing wrong?