RE: NAT with secondary address

From: Padhu (LFG) (padhu@xxxxxxxxxxxx)
Date: Thu Jan 11 2001 - 19:06:32 GMT-3

• Next message: Kevin Baumgartner: "RE: RIPv2/EIGRP thru tunnel"
• Previous message: Glen Johnstone: "Re: RIPv2/EIGRP thru tunnel"
• Maybe in reply to: Dan Skiptunas: "NAT with secondary address"
• Next in thread: Wu Jiang: "Re: NAT with secondary address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Is there a restriction that you can't use a loopback for the 1.0.0.0 network
and have that as ip nat inside...?

Seconday addressing - I don't see how this is gonna work .

Cheers,padhu

-----Original Message-----
From: Dan Skiptunas [mailto:dskiptunas@jannon.com]
Sent: Thursday, January 11, 2001 3:27 PM
To: ccielab@groupstudy.com
Subject: Re: NAT with secondary address

The question was (this is a study lab) Configure NAT on vlan 2. Host
addresses are 1.1.1.1 to 1.1.1.253.
Use the valid 14-host network on r5's E0 as valid addresses (into the rest
of the network). make sure that the other routers see the 170.100.42.x route
but not the 1.1.1.0 network .

  now I may be thinking wrong but how would you do this ? I added the
secondary address because I thought that the hosts would be on the same
interface , I may be very wrong. any thoughts? Nowhere in this lab does it
state where the 1.1.1.0 network is
----- Original Message -----
From: "Andrew" <arousch@home.com>
To: "Dan Skiptunas" <dskiptunas@jannon.com>; <ccielab@groupstudy.com>
Sent: Thursday, January 11, 2001 2:39 PM
Subject: Re: NAT with secondary address

> I might be unclear. Do you mean 'ip nat inside' and 'ip nat outside' on
> the same interface between primary and secondary addresses? If so, no.
IF
> you mean having a primary and secondary address both participate in the
'ip
> nat inside' group then yes. You can place both subnets in your NAT permit
ACL.
>
> Either way denotes extremely poor design ;)
>
> -Cheers
> -A
>
> At 01:32 PM 1/11/01 -0500, Dan Skiptunas wrote:
> >Hello,
> > I am trying to find out if you can do NAT on the same interface as =
> >your secondary addresses... both the inside and outside interface the =
> >same . see config
> >
> >
> >Thank You,
> >Dan Skiptunas
> >Network Engineer
> >Jannon Solutions
> > =20
> >
> >r5#sho run
> >Building configuration...
> >=20
> >Current configuration:
> >!
> >version 12.0
> >service timestamps debug uptime
> >service timestamps log uptime
> >no service password-encryption
> >!
> >hostname r5
> >!
> >enable password cisco
> >!
> >username r3 password 0 cisco
> >ip subnet-zero
> >no ip domain-lookup
> >isdn switch-type basic-ni
> >!
> >!
> >!
> >interface Ethernet0
> > ip address 1.1.1.1 255.255.255.0 secondary
> > ip address 170.100.42.241 255.255.255.240
> > no ip directed-broadcast
> > ip nat outside
> >!
> >interface Serial0
> > no ip address
> > no ip directed-broadcast
> > encapsulation frame-relay
> > no ip mroute-cache
> > frame-relay lmi-type ansi
> >!
> >interface Serial0.1 multipoint
> > ip address 170.100.100.1 255.255.255.0
> > no ip directed-broadcast
> > ip ospf network point-to-multipoint
> > ip ospf interface-retry 0
> > frame-relay map ip 170.100.100.3 203 broadcast
> > frame-relay map ip 170.100.100.5 202 broadcast
> >!
> >interface Serial0.2 point-to-point
> > ip address 170.100.101.1 255.255.255.0
> > no ip directed-broadcast
> > frame-relay interface-dlci 204
> >!
> >interface Serial1
> > no ip address
> > no ip directed-broadcast
> > shutdown
> >!
> >interface BRI0
> > ip address 170.100.10.1 255.255.255.240
> > no ip directed-broadcast
> > encapsulation ppp
> > ip ospf interface-retry 0
> > dialer idle-timeout 300
> > dialer map ip 170.100.10.2 name r3 broadcast 0835866101
> > dialer map ip 170.100.10.2 name r3 broadcast 0835866301
> > dialer load-threshold 1 either
> > dialer-group 1
> > isdn switch-type basic-ni
> > isdn spid1 0835866201 8358662
> > isdn spid2 0835866401 8358664
> > ppp authentication chap
> > ppp multilink
> >!
> >router ospf 50
> > summary-address 1.1.1.0 255.255.255.0 not-advertise
> > redistribute rip metric 100 metric-type 1 subnets
> > network 170.100.10.0 0.0.0.255 area 0
> > network 170.100.100.0 0.0.0.255 area 0
> > default-information originate metric 100 metric-type 1
> >!
> >router rip
> > version 2
> > network 170.100.0.0
> > no auto-summary
> >!
> >router igrp 1
> > redistribute ospf 50 metric 1500 2000 255 1 1500
> > network 170.100.0.0
> >!
> >ip nat pool pool 170.100.42.242 170.100.42.254 netmask 255.255.255.240
> >ip nat inside source list 11 pool pool overload
> >ip classless
> >!
> >access-list 1 deny 170.100.101.0
> >access-list 1 permit any
> >access-list 11 permit 1.1.1.0 0.0.0.254
> >dialer-list 1 protocol ip permit
> >!
> >!
> >line con 0
> > transport input none
> >line aux 0
> >line vty 0 4
> > password cisco
> > login
> >!
> >end
> >=20
> >
> >

• Next message: Kevin Baumgartner: "RE: RIPv2/EIGRP thru tunnel"
• Previous message: Glen Johnstone: "Re: RIPv2/EIGRP thru tunnel"
• Maybe in reply to: Dan Skiptunas: "NAT with secondary address"
• Next in thread: Wu Jiang: "Re: NAT with secondary address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:27 GMT-3