RE: NAT on a stick - possible?

From: andrew.2.shore@xxxxxx
Date: Fri Jun 15 2001 - 10:09:29 GMT-3


   
OK but with a VPN you're terminating a tunnel on the loop back interface.

With NAT a packet passes through the router during which its source or
destination address is modified before the packet leaves.

According to the articles on CCO (NAT Order of Operation) the packet will be
policy routed before it has a chance to be NATed.

I assume this is simply an academic exercise as I cannot think of a
situation where this would really be needed; if there is one I would like to
know as it may focus my mind :)

-----Original Message-----
From: dereksmall@cinci.rr.com [mailto:dwsmall@fatkid.com]
Sent: 15 June 2001 12:31
To: andrew.2.shore
Subject: Re: NAT on a stick - possible?

If you read carefully, I suggested using two interfaces. One of them is a
loopback, the other is Ethernet... I've never tried this with NAT, but I
have used this a few times to terminate VPN tunnels. It should be possible.

Derek Small - CCIE # 5832, Nortel NCSE
President
Fatkid.com, Inc.
dwsmall@fatkid.com
----- Original Message -----
From: <andrew.2.shore@bt.com>
To: <dwsmall@fatkid.com>
Sent: Friday, June 15, 2001 3:23 AM
Subject: RE: NAT on a stick - possible?

> You can not have an interface inside & outside the NAT scope.
>
> The only way this would be possible is if the router is trunking to a switch
> and natting between vlan interfaces
>
> ie
>
> int fa0/1
> trunking (OK so I can't remember the real command, look it up)
>
> int vlan 10
> ip address 10.1.1.1 255.255.255.0
> ip nat inside
>
> int vlan 20
> ip address 156.34.5.4 255.255.255.0
> ip nat outside
>
> fa0/1 is the stick interface; packets entering via vlan 10 are natted to the
> private address and leave via vlan 20
>
> Hope this helps.
>
> -----Original Message-----
> From: dereksmall@cinci.rr.com [mailto:dwsmall@fatkid.com]
> Sent: 15 June 2001 04:19
> To: Darren Hosking; ccielab
> Subject: Re: NAT on a stick - possible?
>
>
> What about if you used a loopback interface as the outside NAT interface,
> and used the Ethernet interface as the inside interface. The Ethernet
> interface would then have a private address, and a secondary address
> assigned from the same subnet as the pool addresses. Lastly, you would need
> a policy route on the Ethernet interface to direct all traffic with source
> address from the pool to the loopback interface so that they would be
> "de-nated"
>
> Anyone want to give it a try?
>
> Derek Small - CCIE # 5832, Nortel NCSE
> President
> Fatkid.com, Inc.
> dwsmall@fatkid.com
> ----- Original Message -----
> From: "Darren Hosking" <dhosking@commander.com.au>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, June 14, 2001 8:05 PM
> Subject: NAT on a stick - possible?
>
>
> > Is it possible to do "NAT on a stick"? In certain circumstances I want to
> > have packets enter a router on the inside interface then have NAT applied
> > and send them back out on the same interface?
> >
> > Any suggestions?
> >
> > Thanks, Darren
> > **Please read:http://www.groupstudy.com/list/posting.html



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3