Re: NAT with secondary address

From: Wu Jiang (wujiang@xxxxxxxxx)
Date: Fri Jan 12 2001 - 00:36:21 GMT-3

• Next message: Brian Hescock: "Re: shortcut"
• Previous message: Harbir Kohli: "shortcut"
• Maybe in reply to: Dan Skiptunas: "NAT with secondary address"
• Next in thread: Lykourgiotis Paraskevas: "RE: NAT with secondary address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Configure an ip nat pool using valid addresses, then configure NAT using this p
ool.
  ip nat pool pool1 170.100.42.1 170.100.42.1 netmask 255.255.255.240
  ip nat inside source list 1 pool pool1 overload.
  access-list 1 permit 1.1.1.0 0.0.0.255
On r5's E0, ip nat inside.
On all other interfaces of r5, ip nat outside.

----- Original Message -----
From: "Dan Skiptunas" <dskiptunas@jannon.com>
To: <ccielab@groupstudy.com>
Sent: Friday, January 12, 2001 5:26 AM
Subject: Re: NAT with secondary address

> The question was (this is a study lab) Configure NAT on vlan 2. Host
> addresses are 1.1.1.1 to 1.1.1.253.
> Use the valid 14-host network on r5's E0 as valid addresses (into the rest
> of the network). make sure that the other routers see the 170.100.42.x route
> but not the 1.1.1.0 network .
>
> now I may be thinking wrong but how would you do this ? I added the
> secondary address because I thought that the hosts would be on the same
> interface , I may be very wrong. any thoughts? Nowhere in this lab does it
> state where the 1.1.1.0 network is
> ----- Original Message -----
> From: "Andrew" <arousch@home.com>
> To: "Dan Skiptunas" <dskiptunas@jannon.com>; <ccielab@groupstudy.com>
> Sent: Thursday, January 11, 2001 2:39 PM
> Subject: Re: NAT with secondary address
>
>
> > I might be unclear. Do you mean 'ip nat inside' and 'ip nat outside' on
> > the same interface between primary and secondary addresses? If so, no.
> IF
> > you mean having a primary and secondary address both participate in the
> 'ip
> > nat inside' group then yes. You can place both subnets in your NAT permit
> ACL.
> >
> > Either way denotes extremely poor design ;)
> >
> > -Cheers
> > -A
> >
> > At 01:32 PM 1/11/01 -0500, Dan Skiptunas wrote:
> > >Hello,
> > > I am trying to find out if you can do NAT on the same interface as =
> > >your secondary addresses... both the inside and outside interface the =
> > >same . see config
> > >
> > >
> > >Thank You,
> > >Dan Skiptunas
> > >Network Engineer
> > >Jannon Solutions
> > > =20
> > >
> > >r5#sho run
> > >Building configuration...
> > >=20
> > >Current configuration:
> > >!
> > >version 12.0
> > >service timestamps debug uptime
> > >service timestamps log uptime
> > >no service password-encryption
> > >!
> > >hostname r5
> > >!
> > >enable password cisco
> > >!
> > >username r3 password 0 cisco
> > >ip subnet-zero
> > >no ip domain-lookup
> > >isdn switch-type basic-ni
> > >!
> > >!
> > >!
> > >interface Ethernet0
> > > ip address 1.1.1.1 255.255.255.0 secondary
> > > ip address 170.100.42.241 255.255.255.240
> > > no ip directed-broadcast
> > > ip nat outside
> > >!
> > >interface Serial0
> > > no ip address
> > > no ip directed-broadcast
> > > encapsulation frame-relay
> > > no ip mroute-cache
> > > frame-relay lmi-type ansi
> > >!
> > >interface Serial0.1 multipoint
> > > ip address 170.100.100.1 255.255.255.0
> > > no ip directed-broadcast
> > > ip ospf network point-to-multipoint
> > > ip ospf interface-retry 0
> > > frame-relay map ip 170.100.100.3 203 broadcast
> > > frame-relay map ip 170.100.100.5 202 broadcast
> > >!
> > >interface Serial0.2 point-to-point
> > > ip address 170.100.101.1 255.255.255.0
> > > no ip directed-broadcast
> > > frame-relay interface-dlci 204
> > >!
> > >interface Serial1
> > > no ip address
> > > no ip directed-broadcast
> > > shutdown
> > >!
> > >interface BRI0
> > > ip address 170.100.10.1 255.255.255.240
> > > no ip directed-broadcast
> > > encapsulation ppp
> > > ip ospf interface-retry 0
> > > dialer idle-timeout 300
> > > dialer map ip 170.100.10.2 name r3 broadcast 0835866101
> > > dialer map ip 170.100.10.2 name r3 broadcast 0835866301
> > > dialer load-threshold 1 either
> > > dialer-group 1
> > > isdn switch-type basic-ni
> > > isdn spid1 0835866201 8358662
> > > isdn spid2 0835866401 8358664
> > > ppp authentication chap
> > > ppp multilink
> > >!
> > >router ospf 50
> > > summary-address 1.1.1.0 255.255.255.0 not-advertise
> > > redistribute rip metric 100 metric-type 1 subnets
> > > network 170.100.10.0 0.0.0.255 area 0
> > > network 170.100.100.0 0.0.0.255 area 0
> > > default-information originate metric 100 metric-type 1
> > >!
> > >router rip
> > > version 2
> > > network 170.100.0.0
> > > no auto-summary
> > >!
> > >router igrp 1
> > > redistribute ospf 50 metric 1500 2000 255 1 1500
> > > network 170.100.0.0
> > >!
> > >ip nat pool pool 170.100.42.242 170.100.42.254 netmask 255.255.255.240
> > >ip nat inside source list 11 pool pool overload
> > >ip classless
> > >!
> > >access-list 1 deny 170.100.101.0
> > >access-list 1 permit any
> > >access-list 11 permit 1.1.1.0 0.0.0.254
> > >dialer-list 1 protocol ip permit
> > >!
> > >!
> > >line con 0
> > > transport input none
> > >line aux 0
> > >line vty 0 4
> > > password cisco
> > > login
> > >!
> > >end
> > >=20
> > >
> > >

• Next message: Brian Hescock: "Re: shortcut"
• Previous message: Harbir Kohli: "shortcut"
• Maybe in reply to: Dan Skiptunas: "NAT with secondary address"
• Next in thread: Lykourgiotis Paraskevas: "RE: NAT with secondary address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:28 GMT-3