Re: IP NAT Inside and outside on the same interface

From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Fri Aug 04 2000 - 09:54:23 GMT-3


   
Ron has found what is known to be the only way to do it, but as Ron
implies, probably is best to avoid (great job Ron!). We discussed this
here within TAC a few months back and I believe someone was able to get
it working in our lab with two loopbacks and policy routing (but didn't
need secondary ip addresses I don't believe, probably a different way to
do the same thing). BUT... it isn't what I would call a
"supported" solution by TAC. There are a lot of things you can do with IOS
that will work in a way that wasn't intended for it to work. We actually
get quite a few requests for this feature so I suspect you'll see a
command to allow this sometime in the future, although it would probably
be a complete NAT code redesign and might be a while.

Brian

On Fri, 4 Aug 2000 Ron.Fuller@3x.com wrote:

>
> I don't think you can do this. The interface must be one or the other, not
> both. You can use policy routing to a loopback to work around this. We
> did this the other night in our study group. The scenario was one with DSL
> or cable, where you have a router with one ethernet with a public address,
> but this ethernet is also connected to your inside network as well. Use
> secondary addressing for the internal addressing, use the "real" IP address
> for the primary address and do policy routing to NAT out the inside address
> to the outside. Loopbacks can participate in NAT. Ugly, but it worked well
> and not very secure as far as a good security design goes.
>
> HTH!
> Ron Fuller, CCIE #5851, CCDP, CCNP-ATM, CCNP-Security, MCNE
> 3X Corporation
> rfuller@3x.com
>
>
> Padhu@steinroe.com (sent by nobody@groupstudy.com), 08/04/00 01:32 AM
> To: ccielab@groupstudy.com
> cc:
> Subject: IP NAT Inside and outside on the same interface
> Please respond to Padhu
>
> Has anyone heard about this or tried? Thanks.
>
> Cheers, Padhu
>