From: Price, Jamie (JPrice@xxxxxxxxxxx)
Date: Thu Jan 25 2001 - 03:07:08 GMT-3
Just out of interest has anyone tried this using the "DHCP on LAN interface"
capability??
I'm purely thinking home routing/firewall here, what with the evolution of
cable/DSL it would be sort of nice to throw in a 1604 or so, pull a dhcp
address to the outside interface, and then PAT it.
Just wondering if anyone's tried it - in production.
Jamie
-----Original Message-----
From: Brian Hescock [mailto:bhescock@cisco.com]
Sent: Wednesday, January 24, 2001 11:13 PM
To: Harbir Kohli
Cc: 'Ccielab
Subject: Re: NAT question; Bootcamp lab 12
Hidden commands? The commands below aren't hidden, they're well documented
and can be seen in the IOS parser.
Technically it isn't NAT, it's PAT, which is Port Address
Translation. It's typically used if you don't have any global address
space to use other than what's on your outbound interface(s). It will
allow you to use up to 64,000 translations (4,000 in older versions of
code) for the ip address on the outbound interface.
The access-list refers to the traffic that will be allowed to be
translated and, yes, you could use the same access-list for both. The
reason for that is we route first then perform PAT (or NAT). Be sure
to exclude your outbound interface from the access-list so it doesn't mess
up your routing protocol (i.e. translated hello packets going to the
neighbor). Technically, it shouldn't since it's on an outbound interface
but it will if you do a "permit any" in your access-list (some people
think it's a misconfiguration to do so, but I personally think we
should file a sys-wish bug so it doesn't do it).
Hope that helps,
Brian
On Wed, 24 Jan 2001, Harbir Kohli wrote:
> Does anyone know Cisco has hidden NAT in the 12.1 manuals?
>
> I am trying to understand what this command does:
>
> ip nat inside source list 1 int s0 overload
> ip nat inside source list 2 int s1 overload
>
> what is the address that this list will use to translate private
> addresses to ? is it picking a random number?
> and why do you use a separate list for each interface? could you use the
> same access list for 2 interfaces s0 and s1?
>
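The access-list scoping discussed in the reply above, as an added configuration example that is not part of the original thread. It narrows the case to a single outside interface; the addresses (10.1.1.0/24 inside, 192.0.2.0/30 outside) and the interface roles are constructed assumptions.

```cisco
! Constructed addressing: 10.1.1.0/24 inside, 192.0.2.0/30 (documentation range) outside.
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
!
! Weak form, shown commented out: "permit any" also matches packets sourced
! from 192.0.2.1, the case the reply warns about for routing protocol hellos.
! access-list 1 permit any
!
! Scoped form: only inside hosts are eligible for translation. The explicit
! deny documents the intent; the implicit deny at the end of the list would
! also exclude the outbound interface address.
access-list 1 deny   host 192.0.2.1
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Inside sources matching list 1 are translated to Serial0's own address;
! the translated source port tells the sessions apart (overload = PAT).
ip nat inside source list 1 interface Serial0 overload
```

After traffic has passed, `show ip nat translations` should list only 10.1.1.x inside local addresses mapped to 192.0.2.1 with differing ports, and `show access-lists 1` shows the match counters per entry.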