RE: Destination NAT....(Back to basics)

From: Maljure, Sanjay (smaljure@xxxxxxxxx)
Date: Wed Jan 24 2001 - 18:57:49 GMT-3

• Next message: Christopher M. Heffner: "RE: Sick 2511"
• Previous message: Michael Le: "RE: Destination NAT....(Back to basics)"
• Maybe in reply to: Maljure, Sanjay: "RE: Destination NAT....(Back to basics)"
• Next in thread: Michael Le: "RE: Destination NAT....(Back to basics)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Brian I am kind of confused....
Say a packet with SIP=10.190.9.20 and DIP=10.190.29.111 arrives on
E0(which is the nat inside interface) (refer to below script)
(nat first, then routing??)
In that case the router will try to route to 10.190.29.111. Lets say the
route to this network points to s0(which is the nat outside interface).
At this point, I am expecting the DIP address of the packet also to be
translated because I am using 'ip nat outside source static...' command.
Am I wrong?
!Thanks

ip nat inside source static 10.190.9.20 172.30.43.111
ip nat inside source static 10.190.9.21 172.30.43.112
ip nat outside source static 172.31.21.111 10.190.29.112
ip nat outside source static 172.31.21.112 10.190.29.111
!
interface Ethernet0
 ip address 10.190.33.254 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no cdp enable
!
interface Serial0
 ip address 172.30.30.202 255.255.255.0
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 ip tcp header-compression
 no ip mroute-cache
 no fair-queue
 compress stac

Sanjay

-----Original Message-----
From: Brian Hescock [mailto:bhescock@cisco.com]
Sent: Wednesday, January 24, 2001 4:41 PM
To: Maljure, Sanjay
Cc: ccielab@groupstudy.com
Subject: RE: Destination NAT....(Back to basics)

Outbound packets--- routing done first, then nat
Inbound packets--- nat first, then route

On Wed, 24 Jan 2001, Maljure, Sanjay wrote:

> Hi everyone
> Please help me with a couple of questions.....
>
> 1. When does the routing decision occur? before or after NAT????
> 2. How about for inside source address NATing? before or after?
> 3. How about for outside source address NATing? before or after?
>
> Can't get to my test lab right now. So any help would be appreciated.
> Also forgive the atrocious english. How does one apply for a poetic
> license?
> Thanks for your time
>
> Sanjay
>
>
> -----Original Message-----
> From: Brian Hescock [mailto:bhescock@cisco.com]
> Sent: Wednesday, January 24, 2001 3:25 PM
> To: Maljure, Sanjay
> Cc: ccielab@groupstudy.com
> Subject: RE: Destination NAT....
>
>
> Sanjay,
> I'm in the middle of a class right now but check a couple of the
docs
> and you should find what you need. I've used the docs to set it up
for
> an
> internal lab I developed and it worked, although overlapping ip
> addresses
> with nat is rather confusing. If I remember correctly there's one key
> stumbling block that you can run into with the static route you need
to
> add (I believe it was a matter of what you point it to, it's not what
> you
> think).
>
> Let me know if you don't get it working and I can check after class, I
> can
> send you that portion of the lab, which includes the working config.
>
> B.
>
> On Wed, 24 Jan 2001, Maljure, Sanjay wrote:
>
> > Hi Brian
> > I did look at the documents describing the "overlapping with NAT " I
> > think what I am trying to do is exactly the same as the
'overlapping'
> > case except for the DNS part. And not having DNS should not really
> > matter.
> > None of the documents that I looked at gave a sample script for
doing
> > this using static IP addresses. One document that I looked in to
used
> > 'inside source list..' and 'outside source list...' to do it as they
> > were translating entire subnets.
> > So I am thinking 'inside source static' and 'outside source static'
> will
> > do the trick for me.
> > What do you think?
> > Thanks
> >
> > Sanjay Maljure
> > CCIE# 6286
> > Enterprise Systems Consultant
> > Ciber, Inc.
> >
> > Tel - 732.225.1700
> > Fax - 732.225.1973
> >
> >
> > -----Original Message-----
> > From: Brian Hescock [mailto:bhescock@cisco.com]
> > Sent: Wednesday, January 24, 2001 2:51 PM
> > To: Maljure, Sanjay
> > Cc: ccielab@groupstudy.com
> > Subject: Re: Destination NAT....
> >
> >
> > Sounds like you want to do NAT with overlapping ip addresses. Do a
> > search
> > on CCO on "NAT and overlapping"
> >
> > Brian
> >
> > On Wed, 24 Jan 2001, Maljure, Sanjay wrote:
> >
> > >
> > > Hi
> > > I thought I knew this stuff but I am beginning to see these funny
> > gnomes
> > > flying around....so please help
> > > What I need to do:
> > >
> > > I have an IP packet
> > > SIP=10.190.9.20
> > > DIP=10.190.29.111
> > >
> > > I need to NAT this so that
> > >
> > > SIP=172.30.43.111
> > > DIP=172.31.21.112
> > >
> > > And all these IP addresses are fixed which means I got to do
static
> > NAT
> > >
> > > I am using a 2500 with "full NAT" feature set
> > >
> > > NATing the source IP addresses can be done with "ip nat inside
> source
> > > static....."
> > > How do I take care of the destination IP address NATing? ("ip nat
> > > outside source static...." will work????)
> > >
> > > Thanks for your time
> > > Sanjay
> > >

• Next message: Christopher M. Heffner: "RE: Sick 2511"
• Previous message: Michael Le: "RE: Destination NAT....(Back to basics)"
• Maybe in reply to: Maljure, Sanjay: "RE: Destination NAT....(Back to basics)"
• Next in thread: Michael Le: "RE: Destination NAT....(Back to basics)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:42 GMT-3