RE: NAT with secondary address

From: Manish Rajdev (ccieapr@xxxxxxxxx)
Date: Thu Jan 11 2001 - 16:49:41 GMT-3


   
Hi,

No, you cannot do IP NAT INSIDE and IP NAT OUTSIDE on
the same interface. If you check your config, it
overwrites the first command which you enter with the second
command; try any combination.

For NAT to work, it monitors the packets coming into
the interface, checks on which interface they need to
be routed, checks again whether NAT is configured on that
interface, and then NATs accordingly.

You can check this by doing a debug ip nat & the show
ip nat stat, show ip nat trans commands.

Hope this helps

Manish
--- Chuck Larrieu <chuck@cl.cncdsl.com> wrote:
> Forgive me this question, but WHY?
>
> The point of secondary addressing is to expand the
> number of addresses
> available on the same physical wire.
>
> NAT, on the other hand, is generally done at the edge
> of your network - between
> inside and outside domains, for any number of
> reasons.
>
> If you have two subnets, A, and B, and both are on
> the same physical segment
> using secondary addressing, why do you need to NAT
> between them?
>
> Chuck
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of Dan
> Skiptunas
> Sent: Thursday, January 11, 2001 10:32 AM
> To: ccielab@groupstudy.com
> Subject: NAT with secondary address
>
> Hello,
> I am trying to find out if you can do NAT on the
> same interface as your secondary addresses... both
> the inside and outside interface the same. See config.
>
>
> Thank You,
> Dan Skiptunas
> Network Engineer
> Jannon Solutions
>
> r5#sho run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname r5
> !
> enable password cisco
> !
> username r3 password 0 cisco
> ip subnet-zero
> no ip domain-lookup
> isdn switch-type basic-ni
> !
> !
> !
> interface Ethernet0
> ip address 1.1.1.1 255.255.255.0 secondary
> ip address 170.100.42.241 255.255.255.240
> no ip directed-broadcast
> ip nat outside
> !
> interface Serial0
> no ip address
> no ip directed-broadcast
> encapsulation frame-relay
> no ip mroute-cache
> frame-relay lmi-type ansi
> !
> interface Serial0.1 multipoint
> ip address 170.100.100.1 255.255.255.0
> no ip directed-broadcast
> ip ospf network point-to-multipoint
> ip ospf interface-retry 0
> frame-relay map ip 170.100.100.3 203 broadcast
> frame-relay map ip 170.100.100.5 202 broadcast
> !
> interface Serial0.2 point-to-point
> ip address 170.100.101.1 255.255.255.0
> no ip directed-broadcast
> frame-relay interface-dlci 204
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> interface BRI0
> ip address 170.100.10.1 255.255.255.240
> no ip directed-broadcast
> encapsulation ppp
> ip ospf interface-retry 0
> dialer idle-timeout 300
> dialer map ip 170.100.10.2 name r3 broadcast 0835866101
> dialer map ip 170.100.10.2 name r3 broadcast 0835866301
> dialer load-threshold 1 either
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866201 8358662
> isdn spid2 0835866401 8358664
> ppp authentication chap
> ppp multilink
> !
> router ospf 50
> summary-address 1.1.1.0 255.255.255.0 not-advertise
> redistribute rip metric 100 metric-type 1 subnets
> network 170.100.10.0 0.0.0.255 area 0
> network 170.100.100.0 0.0.0.255 area 0
> default-information originate metric 100 metric-type 1
> !
> router rip
> version 2
> network 170.100.0.0
> no auto-summary
> !
> router igrp 1
> redistribute ospf 50 metric 1500 2000 255 1 1500
> network 170.100.0.0
> !
> ip nat pool pool 170.100.42.242 170.100.42.254 netmask 255.255.255.240
> ip nat inside source list 11 pool pool overload
> ip classless
> !
> access-list 1 deny 170.100.101.0
> access-list 1 permit any
> access-list 11 permit 1.1.1.0 0.0.0.254
> dialer-list 1 protocol ip permit
> !
> !
> line con 0
> transport input none
> line aux 0
> line vty 0 4
> password cisco
> login
> !
> end
>
>
>
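
Added example (not part of the original thread, and not Cisco's code): a small Python model of the order of checks described in the reply above, run against the posted Ethernet0 settings and access-list 11. The Ethernet1 interface, the default route out Ethernet0 and the destination address are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    name: str
    prefixes: list       # prefixes reachable out this interface
    nat_role: str = ""   # "inside", "outside" or ""; an interface holds one role

def acl_permits(src, base, wildcard):
    """Standard ACL match: wildcard bits set to 1 are ignored."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    return (s & ~w) == (b & ~w)

def egress_for(dst, interfaces):
    """Longest-prefix match over each interface's prefixes (simplified routing)."""
    best = None
    for ifc in interfaces:
        for p in map(ipaddress.ip_network, ifc.prefixes):
            if ipaddress.ip_address(dst) in p and (best is None or p.prefixlen > best[0]):
                best = (p.prefixlen, ifc)
    return best[1] if best else None

def nat_decision(src, dst, ingress, interfaces, acl):
    """Inside-source NAT needs ingress=inside, egress=outside and an ACL match."""
    egress = egress_for(dst, interfaces)
    if egress is None:
        return "drop: no route"
    if (ingress.nat_role, egress.nat_role) != ("inside", "outside"):
        return (f"untranslated: in {ingress.name}/{ingress.nat_role or 'none'}, "
                f"out {egress.name}/{egress.nat_role or 'none'}")
    if not acl_permits(src, *acl):
        return "untranslated: source not matched by ACL"
    return "translated to pool address"

ACL_11 = ("1.1.1.0", "0.0.0.254")   # access-list 11 as posted
DST = "198.51.100.10"               # constructed destination beyond Ethernet0

def posted_layout(src="1.1.1.2"):
    # Ethernet0 as posted: primary + secondary subnet, role "outside" only;
    # the 0.0.0.0/0 entry is an assumed default route out Ethernet0.
    e0 = Interface("Ethernet0", ["170.100.42.240/28", "1.1.1.0/24", "0.0.0.0/0"], "outside")
    return nat_decision(src, DST, e0, [e0], ACL_11)

def split_layout(src):
    # Hypothetical contrast: 1.1.1.0/24 on its own inside interface (Ethernet1 is assumed).
    e1 = Interface("Ethernet1", ["1.1.1.0/24"], "inside")
    e0 = Interface("Ethernet0", ["170.100.42.240/28", "0.0.0.0/0"], "outside")
    return nat_decision(src, DST, e1, [e0, e1], ACL_11)
```

With the posted wildcard 0.0.0.254, only sources whose last octet is even match access-list 11, so 1.1.1.3 stays untranslated even in the two-interface layout.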


