RE: NAT with secondary address

From: Lykourgiotis Paraskevas (ParaskevasL@xxxxxxxxxxxx)
Date: Fri Jan 12 2001 - 04:53:24 GMT-3


   
I haven't read the whole scenario, but what about using subinterfaces?

-----Original Message-----
From: Manish Rajdev [mailto:ccieapr@yahoo.com]
Sent: Thursday, January 11, 2001 9:50 PM
To: Chuck Larrieu; Dan Skiptunas; ccielab@groupstudy.com
Subject: RE: NAT with secondary address

Hi,

No, you cannot do IP NAT INSIDE and IP NAT OUTSIDE on
the same interface. If you check your config, it
overwrites the 1st command which you enter with the 2nd
command; try any combination.

For NAT to work, it monitors the packets coming into
the interface, checks on which interface they need to
be routed, checks again whether NAT is configured on that
interface, and then NATs accordingly.

You can check this by doing a debug ip nat and the show
ip nat stat and show ip nat trans commands.

Hope this helps

Manish
--- Chuck Larrieu <chuck@cl.cncdsl.com> wrote:
> Forgive me this question, but WHY?
>
> The point of secondary addressing is to expand the
> number of addresses
> available on the same physical wire.
>
> NAT, on the other hand, is generally done at the edge
> of your network - between inside and outside domains,
> for any number of reasons.
>
> If you have two subnets, A, and B, and both are on
> the same physical segment
> using secondary addressing, why do you need to NAT
> between them?
>
> Chuck
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of Dan
> Skiptunas
> Sent: Thursday, January 11, 2001 10:32 AM
> To: ccielab@groupstudy.com
> Subject: NAT with secondary address
>
> Hello,
> I am trying to find out if you can do NAT on the
> same interface as your secondary addresses... both the
> inside and outside interface the same. See config
>
>
> Thank You,
> Dan Skiptunas
> Network Engineer
> Jannon Solutions
>
> r5#sho run
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname r5
> !
> enable password cisco
> !
> username r3 password 0 cisco
> ip subnet-zero
> no ip domain-lookup
> isdn switch-type basic-ni
> !
> !
> !
> interface Ethernet0
> ip address 1.1.1.1 255.255.255.0 secondary
> ip address 170.100.42.241 255.255.255.240
> no ip directed-broadcast
> ip nat outside
> !
> interface Serial0
> no ip address
> no ip directed-broadcast
> encapsulation frame-relay
> no ip mroute-cache
> frame-relay lmi-type ansi
> !
> interface Serial0.1 multipoint
> ip address 170.100.100.1 255.255.255.0
> no ip directed-broadcast
> ip ospf network point-to-multipoint
> ip ospf interface-retry 0
> frame-relay map ip 170.100.100.3 203 broadcast
> frame-relay map ip 170.100.100.5 202 broadcast
> !
> interface Serial0.2 point-to-point
> ip address 170.100.101.1 255.255.255.0
> no ip directed-broadcast
> frame-relay interface-dlci 204
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> interface BRI0
> ip address 170.100.10.1 255.255.255.240
> no ip directed-broadcast
> encapsulation ppp
> ip ospf interface-retry 0
> dialer idle-timeout 300
> dialer map ip 170.100.10.2 name r3 broadcast 0835866101
> dialer map ip 170.100.10.2 name r3 broadcast 0835866301
> dialer load-threshold 1 either
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 0835866201 8358662
> isdn spid2 0835866401 8358664
> ppp authentication chap
> ppp multilink
> !
> router ospf 50
> summary-address 1.1.1.0 255.255.255.0 not-advertise
> redistribute rip metric 100 metric-type 1 subnets
> network 170.100.10.0 0.0.0.255 area 0
> network 170.100.100.0 0.0.0.255 area 0
> default-information originate metric 100 metric-type 1
> !
> router rip
> version 2
> network 170.100.0.0
> no auto-summary
> !
> router igrp 1
> redistribute ospf 50 metric 1500 2000 255 1 1500
> network 170.100.0.0
> !
> ip nat pool pool 170.100.42.242 170.100.42.254 netmask 255.255.255.240
> ip nat inside source list 11 pool pool overload
> ip classless
> !
> access-list 1 deny 170.100.101.0
> access-list 1 permit any
> access-list 11 permit 1.1.1.0 0.0.0.254
> dialer-list 1 protocol ip permit
> !
> !
> line con 0
> transport input none
> line aux 0
> line vty 0 4
> password cisco
> login
> !
> end
>
>
>
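
The check described in Manish's reply (ingress interface, then route lookup, then NAT role of the egress interface), as an added Python model that is not part of the original thread and is not router code. It assumes connected routes only, and the Ethernet1 interface in SPLIT is hypothetical; addresses and access-list 11 are taken from the posted config.

```python
import ipaddress

# Constructed model of the posted r5 config: NAT role and connected subnets.
POSTED = {
    "Ethernet0": {"nat": "outside", "nets": ["170.100.42.240/28", "1.1.1.0/24"]},
    "Serial0.1": {"nat": None, "nets": ["170.100.100.0/24"]},
    "Serial0.2": {"nat": None, "nets": ["170.100.101.0/24"]},
}
# Assumption: the 1.1.1.0/24 subnet moved to a hypothetical Ethernet1 marked inside.
SPLIT = {
    "Ethernet0": {"nat": "outside", "nets": ["170.100.42.240/28"]},
    "Ethernet1": {"nat": "inside", "nets": ["1.1.1.0/24"]},
}
ACL_11 = ("1.1.1.0", "0.0.0.254")  # access-list 11 permit 1.1.1.0 0.0.0.254


def acl_permits(src, acl=ACL_11):
    """Wildcard match: bits set in the wildcard are ignored, the rest must be equal."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in acl)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (base & care)


def egress_interface(dst, interfaces):
    """Connected-route lookup only (simplification of the routing step)."""
    addr = ipaddress.IPv4Address(dst)
    for name, cfg in interfaces.items():
        if any(addr in ipaddress.IPv4Network(net) for net in cfg["nets"]):
            return name
    return None


def nat_decision(ingress, src, dst, interfaces):
    """Return (egress, translated) for 'ip nat inside source list 11 ...'."""
    egress = egress_interface(dst, interfaces)
    if egress is None:
        return (None, False)
    # Translation needs an inside ingress AND an outside egress interface.
    crosses = (interfaces[ingress]["nat"] == "inside"
               and interfaces[egress]["nat"] == "outside")
    return (egress, crosses and acl_permits(src))


if __name__ == "__main__":
    # Posted config: packet enters and leaves Ethernet0, so nothing is translated.
    print(nat_decision("Ethernet0", "1.1.1.2", "170.100.42.250", POSTED))
    # Split roles: same packet now crosses inside -> outside and matches list 11.
    print(nat_decision("Ethernet1", "1.1.1.2", "170.100.42.250", SPLIT))
```

With the wildcard 0.0.0.254 evaluated as written, access-list 11 in this model matches only even host addresses in 1.1.1.0/24.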


