RE: NAT on a stick - possible?

From: Mas Kato (tealp729@xxxxxxxx)
Date: Fri Jun 15 2001 - 05:16:55 GMT-3

• Next message: Zeng Puyang: "Re: What is the fuction of the established keyword in Access-list?"
• Previous message: Andrew G. Mason: "RE: IPSec and GRE"
• Maybe in reply to: Darren Hosking: "NAT on a stick - possible?"
• Next in thread: andrew.2.shore@xxxxxx: "RE: NAT on a stick - possible?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Well, I quickly found out that Ethernet subinterfaces weren't going to
work without trunking :)

But here's a variation on Derek's idea-please let me know if it's really
working like I think it is and keep me honest--

Mas

=================
Setup:
(R6/Outside/192.6.1.0)--(R9/NAT)--(R5/Inside/10.0.0.0)
Inside global scope: 15.0.0.0/24

interface Loopback0
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0
 ip address 192.6.1.9 255.255.255.0 secondary
 ip address 10.0.0.9 255.255.255.0
 ip nat outside
 ip policy route-map POLICY
!
ip nat pool GLOBAL 15.0.0.1 15.0.0.254 prefix-length 24
ip nat inside source list 100 pool GLOBAL
!
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
route-map POLICY permit 10
 match ip address 100
 set interface Loopback0
!
end

R9#sh ip nat trans
Pro Inside global Inside local Outside local Outside
global
--- 15.0.0.1 10.0.0.5 --- ---
R9#
R9#deb ip nat
IP NAT debugging is on
R9#
00:31:12: NAT: s=10.0.0.5->15.0.0.1, d=192.6.1.6 [1494]
00:31:12: NAT*: s=192.6.1.6, d=15.0.0.1->10.0.0.5 [1494]
R9#
R6#sh users
    Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
   2 vty 0 idle 00:06:22 15.0.0.2

R6#

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
dereksmall@cinci.rr.com
Sent: Thursday, June 14, 2001 8:19 PM
To: Darren Hosking; ccielab@groupstudy.com
Subject: Re: NAT on a stick - possible?

What about if you used a loopback interface as the outside NAT
interface,
and used the Ethernet interface as the inside interface. The Ethernet
interface would then have a private address, and a secondary address
assigned from the same subnet as the pool addresses. Lastly, you would
need
a policy route on the Ethernet interface to direct all traffic with
source
address from the pool to the loopback interface so that they would be
"de-nated"

Anyone want to give it a try?

Derek Small - CCIE # 5832, Nortel NCSE
President
Fatkid.com, Inc.
dwsmall@fatkid.com
----- Original Message -----
From: "Darren Hosking" <dhosking@commander.com.au>
To: <ccielab@groupstudy.com>
Sent: Thursday, June 14, 2001 8:05 PM
Subject: NAT on a stick - possible?

> Is it possible to do "NAT on a stick"? In certain circumstances I want
to
> have packets enter a router on the inside interface then have NAT
applied
> and send them back out on the same interface?
>
> Any suggestions?
>
> Thanks, Darren
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Zeng Puyang: "Re: What is the fuction of the established keyword in Access-list?"
• Previous message: Andrew G. Mason: "RE: IPSec and GRE"
• Maybe in reply to: Darren Hosking: "NAT on a stick - possible?"
• Next in thread: andrew.2.shore@xxxxxx: "RE: NAT on a stick - possible?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3