Re: NAT on a stick

From: Johnny Dedon (johnny.dedon@xxxxxxxxxx)
Date: Mon May 07 2001 - 16:47:41 GMT-3

• Next message: robert lowery: "RE: Troubleshooting"
• Previous message: Mark Stover: "RE: Troubleshooting"
• Maybe in reply to: Padhu (LFG): "NAT on a stick"
• Next in thread: Jeff K.: "Re: NAT on a stick"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Chris,
The original question was can you do nat over a single interface?
Johnny Dedon
Senior Staff Consultant
Exodus Professional Services
johnny.dedon@exodus.net
www.exodus.net
----- Original Message -----
From: "Martin, Chris" <chris@pacinter.net>
To: "Jeff K." <jeffbk@austin.rr.com>; "'Groupstudy '"
<ccielab@groupstudy.com>
Sent: Monday, May 07, 2001 2:42 PM
Subject: Re: NAT on a stick

> You can have NAT inside / outside on the same router, not the same
> interface. Sorry for the confusion, sample config below:
>
> ip nat pool test 172.16.131.2 172.16.131.10 netmask 255.255.255.0
> ip nat inside source list 7 pool test
>
> ip nat inside source static 10.10.10.1 172.16.131.1
>
> interface e 0
> ip address 10.10.10.254 255.255.255.0
> ip nat inside
>
> interface s 0
> ip address 172.16.131.254 255.255.255.0
> ip nat outside
>
> access-list 7 deny host 10.10.10.1
> access-list 7 permit 10.10.10.0 0.0.0.255
>
> ----- Original Message -----
> From: "Jeff K." <jeffbk@austin.rr.com>
> To: "Martin, Chris" <chris@pacinter.net>; "'Groupstudy '"
> <ccielab@groupstudy.com>
> Sent: Monday, May 07, 2001 12:35 PM
> Subject: Re: NAT on a stick
>
>
> > I am curious how you get this to work. Is this only on physical
> interfaces
> > that allow for subinterfaces (i.e. fast Ethernet, serial) or on certain
> > hardware platforms because whenever I enter 'ip nat inside' and then 'ip
> nat
> > outside,' the outside overrides the inside statement and the only one
that
> > shows in the config is the 'ip nat outside' (whichever I entered last).
> The
> > previously described 'ugly' solutions of loopbacks and policy routing
> makes
> > sense, but I don't see how you can have a physical interface be setup
for
> > both inside and outside NAT. I'm just curious to see how this works.
> >
> > Thanks in advance,
> >
> > -Jeff
> > ----- Original Message -----
> > From: "Martin, Chris" <chris@pacinter.net>
> > To: "'Groupstudy '" <ccielab@groupstudy.com>
> > Sent: Monday, May 07, 2001 12:52 PM
> > Subject: Re: NAT on a stick
> >
> >
> > > Yes its possible to have a nat inside / outside on the same
> > router/interface
> > >
> > > ----- Original Message -----
> > > From: "Padhu (LFG)" <padhu@steinroe.com>
> > > To: "'Price, Jamie'" <JPrice@isgteam.com>; "'Johnny Dedon '"
> > > <johnny.dedon@exodus.net>; "'Groupstudy '" <ccielab@groupstudy.com>
> > > Sent: Monday, May 07, 2001 10:20 AM
> > > Subject: NAT on a stick
> > >
> > >
> > > > While we are on this subject, Is it possible to have inside and
> outside
> > on
> > > > the same interface, basically NAT on a stick ?
> > > >
> > > > Cheers,Padhu
> > > >
> > > > -----Original Message-----
> > > > From: Price, Jamie [mailto:JPrice@isgteam.com]
> > > > Sent: Sunday, May 06, 2001 10:39 PM
> > > > To: 'Johnny Dedon '; 'Groupstudy '
> > > > Subject: RE: Nat question
> > > >
> > > >
> > > > I have a few customers that are using a router and CBAC. They have
> > been
> > > > provided a WAN IP address and a separate IP address range for their
> own
> > > use
> > > > by their ISP. The intent being that the WAN address goes on the
> > external
> > > > i/f of the router and block is used for the router internal i/f, the
> > > > firewall, and any other devices/statics that require public
addresses.
> > > >
> > > > With the router/CBAC scenario though that configuration can't be
> applied
> > > > being as the internal router i/f is actually on the LAN. In these
> cases
> > I
> > > > have used the allocated range for NAT while still using the WAN
> address,
> > > > which is a completely different subnet to the allocated block, for
the
> > > > external i/f address.
> > > >
> > > > If that's the sort of scenario you're talking about then yes.....it
> > works
> > > > fine.
> > > >
> > > > Jamie
> > > >
> > > > -----Original Message-----
> > > > From: Johnny Dedon
> > > > To: Groupstudy
> > > > Sent: 5/6/01 4:39 PM
> > > > Subject: Nat question
> > > >
> > > > Can nat be done using a single interface?
> > > > I am asked to do nat to an address range that I don't have any
> > > > interfaces
> > > > belonging to.
> > > >
> > > > Johnny Dedon
> > > > Senior Staff Consultant
> > > > Exodus Professional Services
> > > > johnny.dedon@exodus.net
> > > > www.exodus.net
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: robert lowery: "RE: Troubleshooting"
• Previous message: Mark Stover: "RE: Troubleshooting"
• Maybe in reply to: Padhu (LFG): "NAT on a stick"
• Next in thread: Jeff K.: "Re: NAT on a stick"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:35 GMT-3