From: andrew.2.shore@xxxxxx
Date: Fri Jun 15 2001 - 06:11:36 GMT-3
I don't believe this will work either as you are still going in and out of
one interface (see my eailier posting regarding trunking)and that interface
can not be inside and outside the nat scope.
-----Original Message-----
From: Mas Kato [mailto:tealp729@home.com]
Sent: 15 June 2001 09:17
To: 'dereksmall@cinci.rr.com'; 'Darren Hosking'; ccielab@groupstudy.com
Subject: RE: NAT on a stick - possible?
Well, I quickly found out that Ethernet subinterfaces weren't going to
work without trunking :)
But here's a variation on Derek's idea-please let me know if it's really
working like I think it is and keep me honest--
Mas
=================
Setup:
(R6/Outside/192.6.1.0)--(R9/NAT)--(R5/Inside/10.0.0.0)
Inside global scope: 15.0.0.0/24
interface Loopback0
ip address 172.16.0.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0
ip address 192.6.1.9 255.255.255.0 secondary
ip address 10.0.0.9 255.255.255.0
ip nat outside
ip policy route-map POLICY
!
ip nat pool GLOBAL 15.0.0.1 15.0.0.254 prefix-length 24
ip nat inside source list 100 pool GLOBAL
!
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
route-map POLICY permit 10
match ip address 100
set interface Loopback0
!
end
R9#sh ip nat trans
Pro Inside global Inside local Outside local Outside
global
--- 15.0.0.1 10.0.0.5 --- ---
R9#
R9#deb ip nat
IP NAT debugging is on
R9#
00:31:12: NAT: s=10.0.0.5->15.0.0.1, d=192.6.1.6 [1494]
00:31:12: NAT*: s=192.6.1.6, d=15.0.0.1->10.0.0.5 [1494]
R9#
R6#sh users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 idle 00:06:22 15.0.0.2
R6#
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
dereksmall@cinci.rr.com
Sent: Thursday, June 14, 2001 8:19 PM
To: Darren Hosking; ccielab@groupstudy.com
Subject: Re: NAT on a stick - possible?
What about if you used a loopback interface as the outside NAT
interface,
and used the Ethernet interface as the inside interface. The Ethernet
interface would then have a private address, and a secondary address
assigned from the same subnet as the pool addresses. Lastly, you would
need
a policy route on the Ethernet interface to direct all traffic with
source
address from the pool to the loopback interface so that they would be
"de-nated"
Anyone want to give it a try?
Derek Small - CCIE # 5832, Nortel NCSE
President
Fatkid.com, Inc.
dwsmall@fatkid.com
----- Original Message -----
From: "Darren Hosking" <dhosking@commander.com.au>
To: <ccielab@groupstudy.com>
Sent: Thursday, June 14, 2001 8:05 PM
Subject: NAT on a stick - possible?
> Is it possible to do "NAT on a stick"? In certain circumstances I want
to
> have packets enter a router on the inside interface then have NAT
applied
> and send them back out on the same interface?
>
> Any suggestions?
>
> Thanks, Darren
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3