Re: NAT and Policy Routing

From: Bob Sinclair (bsin@xxxxxxxxx)
Date: Tue Mar 12 2002 - 19:28:17 GMT-3

• Next message: Don Sautter: "RE: Simulators not requiring manual configuration for SPIDS"
• Previous message: Ahmed Mamoor Amimi: "Re: What is the best method of testing Bridging"
• Maybe in reply to: Bob Sinclair: "NAT and Policy Routing"
• Next in thread: David A Goddard: "Re: NAT and Policy Routing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Joe,

Thanks for the links. Answer appears to be: before 12.2 you can't do both NAT
 and Policy Routing. 12.2 appears to add the ability to add a policy routing r
oute-map to the end of the the ip nat inside.. statement, as in the example b
elow:

interface Ethernet3
 ip address 172.68.1.100 255.255.255.0
 ip nat outside
 media-type 10BaseT
!
interface Ethernet4
 ip address 192.68.1.100 255.255.255.0
 ip nat outside
 media-type 10BaseT
!
interface Ethernet5
 ip address 11.1.1.100 255.255.255.0
 ip nat inside
 media-type 10BaseT
!
router rip
 network 172.68.0.0
 network 192.68.1.0
!
 ip nat inside source static 11.1.1.2 192.68.1.21 route-map isp2
 ip nat inside source static 11.1.1.2 172.68.1.21 route-map isp1
 ip nat inside source static 11.1.1.1 192.68.1.11 route-map isp2
 ip nat inside source static 11.1.1.1 172.68.1.11 route-map isp1

 access-list 101 permit ip 11.1.1.0 0.0.0.255 172.0.0.0 0.255.255.255.
 access-list 102 permit ip 11.1.1.0 0.0.0.255 192.0.0.0 0.255.255.255
!
route-map isp2 permit 10
 match ip address 102
 set ip next-hop 192.68.1.1
!
route-map isp1 permit 10
 match ip address 101
 set ip next-hop 172.68.1.1

----- Original Message -----
From: "Harris, Joe F" <Joe_Harris@AIMFUNDS.COM>
To: "Bob Sinclair" <bsin@erols.com>
Sent: Tuesday, March 12, 2002 5:01 PM
Subject: RE: NAT and Policy Routing

> These links might be a good start:
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122
> t/122t4/ftnatrt.htm
>
> http://www.cisco.com/warp/public/105/nat_routemap.html
>
> Let me know if the direction you are trying to go or if I am totally of base
> here?
>
> -Joe
>
> -----Original Message-----
> From: Bob Sinclair [mailto:bsin@erols.com]
> Sent: Tuesday, March 12, 2002 3:31 PM
> To: ccielab@groupstudy.com
> Subject: NAT and Policy Routing
>
>
> Folk:
>
> Sorry if this has been covered before, but I can't seem to find anything on
> this point in the archives or on CCO.
>
> Got NAT working fine. Got policy routing working fine. But not the
> combination. I would like to NAT on a router, and also do a policy that
> gives a default next-hop IP address if there is not a route in the table.
> Seems that when the policy kicks in, the NAT does not happen.
>
> Have seen in previous posts the statement that the policy routing takes
> place before the NAT (inside to outside). But I am getting no NAT at all
> with the policy enabled.
>
> Anyone have an idea as to how this can work?
>
> Thanks in advance.

• Next message: Don Sautter: "RE: Simulators not requiring manual configuration for SPIDS"
• Previous message: Ahmed Mamoor Amimi: "Re: What is the best method of testing Bridging"
• Maybe in reply to: Bob Sinclair: "NAT and Policy Routing"
• Next in thread: David A Goddard: "Re: NAT and Policy Routing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:02 GMT-3