From: Jay Hennigan (jay@xxxxxxxx)
Date: Wed Jan 03 2001 - 15:32:29 GMT-3
On Wed, 3 Jan 2001, Michelle T wrote:
> Can someone help me make sense of the "match-host" keyword in IP NAT?
> Cisco's definition is listed below, and I still just don't get it.
>
> Host Number Preservation:
> For ease of network management, some sites wish to translate prefixes, not
> addresses. That is, they wish the translated address to have the same host
> number as the untranslated address. Of course, the two prefixes must be of
> the same length. This feature can be enabled by configuring dynamic
> translation as usual, but configuring the address pool to be of type
> "match-host":
> ip nat pool fred <start> <end> prefix-length <len> type match-host
Think of the fundamentals of IP subnetting, where an address is divided
into a network part and a host part. This option, with the requirement
of equal prefix length, maps the host part one-to-one.
What this keyword does is keep the host bits the same across both sides of
the NAT. So, for example, if the inside is 192.168.1.x/24 and the outside
is 172.16.200.x/24, then 192.168.1.123 would map to 172.16.200.123, etc.
                                   ^^^                         ^^^
This holds true regardless of the subnet mask. A less intuitive example
would be 192.168.1.64/26 mapping to 172.16.5.0/26. Here, the inside host
of 192.168.1.77 (host bits 001101) would map to 172.16.5.13 (also 001101).
--
Jay Hennigan - Network Administration - jay@west.net
NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
WestNet: Connecting you to the planet. 805 884-6323
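
The host-bit mapping described in the reply above, as an added example that is not part of the original post. It models only the address arithmetic (the function names are hypothetical), not the router's translation table or pool handling, and it enforces the equal-prefix-length requirement from the quoted definition.

```python
import ipaddress


def match_host_translate(addr, inside_prefix, outside_prefix):
    """Map addr from inside_prefix to outside_prefix, keeping its host bits.

    Hypothetical helper: a model of the arithmetic, not IOS code.
    """
    inside = ipaddress.ip_network(inside_prefix)
    outside = ipaddress.ip_network(outside_prefix)
    ip = ipaddress.ip_address(addr)

    # Precondition from the quoted definition: prefixes of the same length.
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("prefix lengths differ: /%d vs /%d"
                         % (inside.prefixlen, outside.prefixlen))
    if ip not in inside:
        raise ValueError("%s is not inside %s" % (ip, inside))

    # hostmask has 1s in the host-bit positions (0.0.0.63 for a /26).
    host_bits = int(ip) & int(inside.hostmask)
    # Graft the unchanged host bits onto the outside network address.
    return ipaddress.ip_address(int(outside.network_address) | host_bits)


def host_bits_binary(addr, prefix):
    """Return the host part of addr under prefix as a binary string."""
    net = ipaddress.ip_network(prefix)
    width = net.max_prefixlen - net.prefixlen
    value = int(ipaddress.ip_address(addr)) & int(net.hostmask)
    return format(value, "0%db" % width)


if __name__ == "__main__":
    # The two cases walked through in the post.
    cases = [
        ("192.168.1.123", "192.168.1.0/24", "172.16.200.0/24"),
        ("192.168.1.77", "192.168.1.64/26", "172.16.5.0/26"),
    ]
    for addr, inside, outside in cases:
        out = match_host_translate(addr, inside, outside)
        print(addr, "->", out, "host bits", host_bits_binary(addr, inside))
```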