From: Brian Hescock (bhescock@xxxxxxxxx)
Date: Fri Oct 06 2000 - 19:37:18 GMT-3
Hi,
It can be completely different address spaces than what's on your ethernet
interface. The only real items you need to make sure of are: a) is it globally
unique address space that I own or was given to me, and b) am I advertising
that address space. Typically I put the NAT pool as the IP address on a
loopback interface, then advertise it to the outside world. So given that,
here's how it works in a nutshell:
- a packet comes in the inside interface
- does it match access-list 1?
- if yes, packet gets translated, source address is now a global ip from your nat pool
- packet forwarded out nat outside interface to the destination
- destination sends a packet back to the source
- router sees the packet and nat translates it back, changing it to the correct
  destination ip (which had been our original source ip)
- router forwards packet to destination ip
Brian
aiqun hu wrote:
> Hello Group,
>
> Is it necessary to set up the global IP address pool to belong to the same
> subnet as the outside interface? If not, I don't know how the traffic is being
> routed back.
>
> For example, the following config is from URL:
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/np1_r/1ripadr.htm#xtocid587531
>
> Example
>
> ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
> ip nat inside source list 1 pool net-208
> !
> interface ethernet 0
> ip address 171.69.232.182 255.255.255.240
> ip nat outside
> !
> interface ethernet 1
> ip address 192.168.1.94 255.255.255.0
> ip nat inside
> !
> access-list 1 permit 192.168.1.0 0.0.0.255
> access-list 1 permit 192.168.2.0 0.0.0.255
> --------------------------------------------------
>
> Pool net-208 is the global outside address range for internal subnets
> 192.168.1.0 and 192.168.2.0. And the nat outside interface address is
> 171.69.232.182, which belongs to another subnet. If E0 connects to the Internet,
> for example, the default GW should belong to the subnet of interface E0. Let's
> say using 171.69.232.183 as default gateway for outgoing traffic. So all
> the internal IP addresses (192.168.2.0 and 192.168.1.0) will be converted to
> 171.69.233.208/28 subnet addresses, but using 171.69.232.183 as default
> gateway to go out. When the traffic comes back, it won't be sent to E0 if the
> destination address ranges don't belong to the subnet of E0. Feel free to
> correct me if I misunderstand something. Any feedback will be appreciated.
>
> Thanks,
>
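
The translation steps listed in the reply, modelled with the addresses from the quoted configuration, as an added example that is not part of the original thread. The upstream router's routing table, the sample packet addresses and the in-order pool allocator are assumptions made for illustration; real IOS allocation details are not modelled.

```python
import ipaddress

# ACL and pool values come from the quoted config; the upstream routes are constructed.
ACL_1 = [("192.168.1.0", "0.0.0.255"), ("192.168.2.0", "0.0.0.255")]
POOL = [ipaddress.ip_address("171.69.233.208") + i for i in range(16)]
UPSTREAM_ROUTES = {  # hypothetical upstream router: prefix -> next hop
    "171.69.232.176/28": "connected",        # subnet of ethernet 0
    "171.69.233.208/28": "171.69.232.182",   # present only because the pool is advertised
}

def acl_permits(src):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    s = int(ipaddress.ip_address(src))
    for net, wild in ACL_1:
        care = ~int(ipaddress.ip_address(wild)) & 0xFFFFFFFF
        if s & care == int(ipaddress.ip_address(net)) & care:
            return True
    return False

class Nat:
    """Simplified dynamic NAT: hands out pool addresses in order, one per inside host."""
    def __init__(self):
        self.in2out, self.out2in = {}, {}
        self.free = list(POOL)

    def outbound(self, src, dst):
        """inside -> outside: rewrite the source if access-list 1 matches."""
        if not acl_permits(src):
            return src, dst
        if src not in self.in2out:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            g = str(self.free.pop(0))
            self.in2out[src], self.out2in[g] = g, src
        return self.in2out[src], dst

    def inbound(self, src, dst):
        """outside -> inside: rewrite the destination back to the original source."""
        return src, self.out2in.get(dst, dst)

def upstream_next_hop(dst, routes=UPSTREAM_ROUTES):
    """Longest-prefix match on the upstream router; None means the reply has no route."""
    d = ipaddress.ip_address(dst)
    hits = [ipaddress.ip_network(p) for p in routes if d in ipaddress.ip_network(p)]
    return routes[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

if __name__ == "__main__":
    nat = Nat()
    out = nat.outbound("192.168.1.10", "198.51.100.5")  # constructed packet
    print(out, "reply via", upstream_next_hop(out[0]), nat.inbound(out[1], out[0]))
```

Calling `upstream_next_hop` with only the connected route returns `None`, which is the case the question describes: without an advertised route for the pool, return traffic never reaches the NAT router.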