RE: NAT on a stick

From: Pickell, Aaryn (Aaryn.Pickell@xxxxxxxxxxxxx)
Date: Mon May 07 2001 - 15:03:11 GMT-3


   
You cannot have the inside and outside on the same interface. NAT on a
Stick is usually going to be cases where you policy route packets from your
outside interface (the LAN) to one or more loopback interfaces, which are
themselves inside or outside interfaces, to force NAT to happen. It's ugly,
and really is an indication of poor network design, but it works sometimes.

I've seen some really elegant versions that just use static host routes
instead of policy routing, but mostly I see policy routing being used.

Aaryn Pickell - CCNP ATM, CCDP, MCSE
Senior Engineer - Routing Protocols
Getronics Inc.
Direct: 713-394-1609
Email:aaryn.pickell@getronics.com


> -----Original Message-----
> From: Padhu (LFG) [mailto:padhu@steinroe.com]
> Sent: Monday, May 07, 2001 12:20 PM
> To: 'Price, Jamie'; 'Johnny Dedon '; 'Groupstudy '
> Subject: NAT on a stick
>
>
> While we are on this subject, is it possible to have inside and outside on
> the same interface, basically NAT on a stick?
>
> Cheers, Padhu
>
> -----Original Message-----
> From: Price, Jamie [mailto:JPrice@isgteam.com]
> Sent: Sunday, May 06, 2001 10:39 PM
> To: 'Johnny Dedon '; 'Groupstudy '
> Subject: RE: Nat question
>
>
> I have a few customers that are using a router and CBAC. They have been
> provided a WAN IP address and a separate IP address range for their own use
> by their ISP. The intent being that the WAN address goes on the external
> i/f of the router and block is used for the router internal i/f, the
> firewall, and any other devices/statics that require public addresses.
>
> With the router/CBAC scenario though that configuration can't be applied
> being as the internal router i/f is actually on the LAN. In these cases I
> have used the allocated range for NAT while still using the WAN address,
> which is a completely different subnet to the allocated block, for the
> external i/f address.
>
> If that's the sort of scenario you're talking about then yes.....it works
> fine.
>
> Jamie
>
> -----Original Message-----
> From: Johnny Dedon
> To: Groupstudy
> Sent: 5/6/01 4:39 PM
> Subject: Nat question
>
> Can nat be done using a single interface?
> I am asked to do nat to an address range that I don't have any interfaces
> belonging to.
>
> Johnny Dedon
> Senior Staff Consultant
> Exodus Professional Services
> johnny.dedon@exodus.net
> www.exodus.net
**Please read:http://www.groupstudy.com/list/posting.html
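
The policy-routing arrangement described in the reply at the top of this thread, as an added Cisco IOS configuration sketch that is not part of any poster's message. All interface names, addresses, ACL numbers and the route-map name are constructed for illustration: 10.0.0.0/24 is the LAN, 192.0.2.0/29 is the translated range, and 10.0.0.254 is an assumed upstream gateway on the same LAN.

```cisco
! Constructed example: NAT on a stick using policy routing to a loopback.
!
! The loopback is the NAT "inside" interface. 10.0.1.2 is an unused
! address on its subnet, used only as a policy-routing next hop.
interface Loopback0
 ip address 10.0.1.1 255.255.255.252
 ip nat inside
!
! The single physical LAN interface is the NAT "outside" interface.
! Packets arriving here that match the route-map are sent to the
! loopback first, so they later cross from inside to outside.
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat outside
 ip policy route-map nat-loop
!
! Translate LAN sources into the 192.0.2.0/29 range.
ip nat pool translated 192.0.2.1 192.0.2.6 prefix-length 29
ip nat inside source list 10 pool translated overload
!
! After the loopback hop, traffic is routed normally back out
! Ethernet0 toward the assumed upstream gateway.
ip route 0.0.0.0 0.0.0.0 10.0.0.254
!
! ACL 10: which sources are eligible for translation.
access-list 10 permit 10.0.0.0 0.0.0.255
!
! ACL 102: which packets are policy-routed to the loopback.
! First line: return traffic addressed to the translated range.
! Second line: outbound traffic from LAN hosts.
access-list 102 permit ip any 192.0.2.0 0.0.0.7
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
!
route-map nat-loop permit 10
 match ip address 102
 set ip next-hop 10.0.1.2
```

The upstream device needs a route for 192.0.2.0/29 pointing at 10.0.0.1, and `show ip nat translations` on the router confirms whether translations are being created.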



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:35 GMT-3