Re: NAT with secondary address

From: Andrew (arousch@xxxxxxxx)
Date: Thu Jan 11 2001 - 16:39:21 GMT-3


   
I might be unclear. Do you mean 'ip nat inside' and 'ip nat outside' on
the same interface between primary and secondary addresses? If so, no. If
you mean having a primary and secondary address both participate in the 'ip
nat inside' group then yes. You can place both subnets in your NAT permit ACL.

Either way denotes extremely poor design ;)

-Cheers
-A

At 01:32 PM 1/11/01 -0500, Dan Skiptunas wrote:
>Hello,
> I am trying to find out if you can do NAT on the same interface as
>your secondary addresses... both the inside and outside interface the
>same. See config
>
>
>Thank You,
>Dan Skiptunas
>Network Engineer
>Jannon Solutions
>
>
>r5#sho run
>Building configuration...
>
>Current configuration:
>!
>version 12.0
>service timestamps debug uptime
>service timestamps log uptime
>no service password-encryption
>!
>hostname r5
>!
>enable password cisco
>!
>username r3 password 0 cisco
>ip subnet-zero
>no ip domain-lookup
>isdn switch-type basic-ni
>!
>!
>!
>interface Ethernet0
> ip address 1.1.1.1 255.255.255.0 secondary
> ip address 170.100.42.241 255.255.255.240
> no ip directed-broadcast
> ip nat outside
>!
>interface Serial0
> no ip address
> no ip directed-broadcast
> encapsulation frame-relay
> no ip mroute-cache
> frame-relay lmi-type ansi
>!
>interface Serial0.1 multipoint
> ip address 170.100.100.1 255.255.255.0
> no ip directed-broadcast
> ip ospf network point-to-multipoint
> ip ospf interface-retry 0
> frame-relay map ip 170.100.100.3 203 broadcast
> frame-relay map ip 170.100.100.5 202 broadcast
>!
>interface Serial0.2 point-to-point
> ip address 170.100.101.1 255.255.255.0
> no ip directed-broadcast
> frame-relay interface-dlci 204
>!
>interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
>!
>interface BRI0
> ip address 170.100.10.1 255.255.255.240
> no ip directed-broadcast
> encapsulation ppp
> ip ospf interface-retry 0
> dialer idle-timeout 300
> dialer map ip 170.100.10.2 name r3 broadcast 0835866101
> dialer map ip 170.100.10.2 name r3 broadcast 0835866301
> dialer load-threshold 1 either
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866201 8358662
> isdn spid2 0835866401 8358664
> ppp authentication chap
> ppp multilink
>!
>router ospf 50
> summary-address 1.1.1.0 255.255.255.0 not-advertise
> redistribute rip metric 100 metric-type 1 subnets
> network 170.100.10.0 0.0.0.255 area 0
> network 170.100.100.0 0.0.0.255 area 0
> default-information originate metric 100 metric-type 1
>!
>router rip
> version 2
> network 170.100.0.0
> no auto-summary
>!
>router igrp 1
> redistribute ospf 50 metric 1500 2000 255 1 1500
> network 170.100.0.0
>!
>ip nat pool pool 170.100.42.242 170.100.42.254 netmask 255.255.255.240
>ip nat inside source list 11 pool pool overload
>ip classless
>!
>access-list 1 deny 170.100.101.0
>access-list 1 permit any
>access-list 11 permit 1.1.1.0 0.0.0.254
>dialer-list 1 protocol ip permit
>!
>!
>line con 0
> transport input none
>line aux 0
>line vty 0 4
> password cisco
> login
>!
>end
>
>
>
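
The reply's advice to place both subnets in the NAT permit ACL can be checked mechanically. The Python sketch below is an added example, not part of the original thread: it counts how many addresses of each primary and secondary subnet on an interface are matched by a standard ACL's permit lines, using lines copied from the quoted configuration as sample input. The function names are hypothetical, and it assumes the ACL contains no deny lines.

```python
import ipaddress
import re

# Lines copied from the quoted configuration in this thread (reply markers removed).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 1.1.1.1 255.255.255.0 secondary
 ip address 170.100.42.241 255.255.255.240
 ip nat outside
!
access-list 11 permit 1.1.1.0 0.0.0.254
"""

def interface_subnets(config, ifname):
    """Networks of every 'ip address' line (primary or secondary) under ifname."""
    nets, current = [], None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and current == ifname:
            nets.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network)
    return nets

def acl_entries(config, number):
    """(base, wildcard) integer pairs for the permit lines of a standard ACL."""
    pat = rf"^access-list {number} permit (\S+)(?: (\S+))?[ \t]*$"
    out = []
    for m in re.finditer(pat, config, re.M):
        if m.group(1) == "any":
            out.append((0, 0xFFFFFFFF))
            continue
        base = int(ipaddress.IPv4Address(m.group(1)))
        wild = int(ipaddress.IPv4Address(m.group(2) or "0.0.0.0"))
        out.append((base, wild))
    return out

def nat_acl_coverage(config, ifname, acl):
    """Map each subnet on ifname to (addresses permitted by the ACL, subnet size)."""
    entries = acl_entries(config, acl)
    result = {}
    for net in interface_subnets(config, ifname):
        # Wildcard bits set to 1 are ignored; all other bits must equal the base.
        hits = sum(any(((int(a) ^ b) & ~w & 0xFFFFFFFF) == 0 for b, w in entries) for a in net)
        result[str(net)] = (hits, net.num_addresses)
    return result

if __name__ == "__main__":
    for subnet, (hits, size) in nat_acl_coverage(SAMPLE_CONFIG, "Ethernet0", 11).items():
        print(f"{subnet}: {hits} of {size} addresses permitted by access-list 11")
```

On the sample lines, the wildcard 0.0.0.254 leaves the lowest bit of the last octet significant, so only the even addresses of 1.1.1.0/24 match, and nothing in 170.100.42.240/28 does.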



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:27 GMT-3