From: Martin, Chris (chris@xxxxxxxxxxxx)
Date: Mon May 07 2001 - 16:42:16 GMT-3
You can have NAT inside / outside on the same router, not the same
interface. Sorry for the confusion, sample config below:
ip nat pool test 172.16.131.2 172.16.131.10 netmask 255.255.255.0
ip nat inside source list 7 pool test
ip nat inside source static 10.10.10.1 172.16.131.1
interface e 0
ip address 10.10.10.254 255.255.255.0
ip nat inside
interface s 0
ip address 172.16.131.254 255.255.255.0
ip nat outside
access-list 7 deny host 10.10.10.1
access-list 7 permit 10.10.10.0 0.0.0.255
----- Original Message -----
From: "Jeff K." <jeffbk@austin.rr.com>
To: "Martin, Chris" <chris@pacinter.net>; "'Groupstudy '"
<ccielab@groupstudy.com>
Sent: Monday, May 07, 2001 12:35 PM
Subject: Re: NAT on a stick
> I am curious how you get this to work. Is this only on physical
interfaces
> that allow for subinterfaces (i.e. fast Ethernet, serial) or on certain
> hardware platforms because whenever I enter 'ip nat inside' and then 'ip
nat
> outside,' the outside overrides the inside statement and the only one that
> shows in the config is the 'ip nat outside' (whichever I entered last).
The
> previously described 'ugly' solutions of loopbacks and policy routing
makes
> sense, but I don't see how you can have a physical interface be setup for
> both inside and outside NAT. I'm just curious to see how this works.
>
> Thanks in advance,
>
> -Jeff
> ----- Original Message -----
> From: "Martin, Chris" <chris@pacinter.net>
> To: "'Groupstudy '" <ccielab@groupstudy.com>
> Sent: Monday, May 07, 2001 12:52 PM
> Subject: Re: NAT on a stick
>
>
> > Yes its possible to have a nat inside / outside on the same
> router/interface
> >
> > ----- Original Message -----
> > From: "Padhu (LFG)" <padhu@steinroe.com>
> > To: "'Price, Jamie'" <JPrice@isgteam.com>; "'Johnny Dedon '"
> > <johnny.dedon@exodus.net>; "'Groupstudy '" <ccielab@groupstudy.com>
> > Sent: Monday, May 07, 2001 10:20 AM
> > Subject: NAT on a stick
> >
> >
> > > While we are on this subject, Is it possible to have inside and
outside
> on
> > > the same interface, basically NAT on a stick ?
> > >
> > > Cheers,Padhu
> > >
> > > -----Original Message-----
> > > From: Price, Jamie [mailto:JPrice@isgteam.com]
> > > Sent: Sunday, May 06, 2001 10:39 PM
> > > To: 'Johnny Dedon '; 'Groupstudy '
> > > Subject: RE: Nat question
> > >
> > >
> > > I have a few customers that are using a router and CBAC. They have
> been
> > > provided a WAN IP address and a separate IP address range for their
own
> > use
> > > by their ISP. The intent being that the WAN address goes on the
> external
> > > i/f of the router and block is used for the router internal i/f, the
> > > firewall, and any other devices/statics that require public addresses.
> > >
> > > With the router/CBAC scenario though that configuration can't be
applied
> > > being as the internal router i/f is actually on the LAN. In these
cases
> I
> > > have used the allocated range for NAT while still using the WAN
address,
> > > which is a completely different subnet to the allocated block, for the
> > > external i/f address.
> > >
> > > If that's the sort of scenario you're talking about then yes.....it
> works
> > > fine.
> > >
> > > Jamie
> > >
> > > -----Original Message-----
> > > From: Johnny Dedon
> > > To: Groupstudy
> > > Sent: 5/6/01 4:39 PM
> > > Subject: Nat question
> > >
> > > Can nat be done using a single interface?
> > > I am asked to do nat to an address range that I don't have any
> > > interfaces
> > > belonging to.
> > >
> > > Johnny Dedon
> > > Senior Staff Consultant
> > > Exodus Professional Services
> > > johnny.dedon@exodus.net
> > > www.exodus.net
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:35 GMT-3