From: Hunt Lee (ciscoforme3@yahoo.com.au)
Date: Thu Oct 31 2002 - 09:40:30 GMT-3
I don't know if someone has asked the following questions before.
I have configured 3 routers with EBGP (see picture below). What I wanted
is that when a packet is forwarded to RTB, the packet will have a
source address from 205.113.50.0/23; when a packet is forwarded to
RTC, the packet must have a source address from 207.36.76.0/23.
For going to RTB, I based this on saying if the outgoing interface for
the packet is s0/0 (the int to RTB), then this packet must be for RTB
(hence NAT range 205.113.50.0/23).
As for going to RTC, I based this on: if the Next-Hop IP for the packet
is 207.36.65.254, then this packet's destination must be RTC (hence
NAT range 207.36.76.0/23).
    RTB       RTC
      \       /
         RTA
          |
    10.0.0.0/8 (Inside network)
The thing is, for the packets towards RTB, the NAT works fine.
But for the packets towards RTC, it would work for the first ping, and
the address would be translated. But anytime after that (even when the
NAT entries have expired), it would not be NATed again.
RTA's partial config:
interface FastEthernet0/0
 description Inside NAT
 ip address 10.1.1.1 255.255.0.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 description to Outside ISP 1 - RTB
 ip address 205.113.49.253 255.255.255.252
 ip nat outside
 clockrate 64000
!
interface Serial0/1
 description to Outside ISP 2 - RTC
 ip address 207.36.65.253 255.255.255.252
 ip nat outside
 clockrate 64000
!
ip nat pool PoolOne 205.113.50.1 205.113.51.254 netmask 255.255.254.0 type match-host
ip nat pool PoolTwo 207.36.76.1 207.36.76.254 netmask 255.255.254.0 type match-host
ip nat inside source route-map ISP1 pool PoolOne
ip nat inside source route-map ISP2 pool PoolTwo
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 3 permit 207.36.65.254
!
route-map ISP2 permit 10
 match ip address 1
 match ip next-hop 3
!
route-map ISP1 permit 10
 match ip address 1
 match interface Serial0/0
RTA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [20/0] via 205.113.49.254, 00:04:12
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [20/0] via 207.36.65.254, 00:04:12
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
     205.113.49.0/30 is subnetted, 1 subnets
C       205.113.49.252 is directly connected, Serial0/0
     207.36.65.0/30 is subnetted, 1 subnets
C       207.36.65.252 is directly connected, Serial0/1
     10.0.0.0/16 is subnetted, 1 subnets
C       10.1.0.0 is directly connected, FastEthernet0/0
RTA#
So what's so special about the "match ip next-hop" command?? Does it have
any impact on how NAT behaves?? Anyone help??
Hunt Lee
System Engineer
WebCentral
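The rule selection the post describes, modelled as an added example (not part of the original mail and not Cisco IOS code): the routing table is transcribed from RTA's "sh ip route", the two route-maps and both match-host pools from the partial config. The model assumes documented IOS behaviour, namely that a route-map NAT rule is evaluated after the routing lookup, that "match interface" compares the egress interface and "match ip next-hop" the route's next hop, and that a "type match-host" pool keeps the host bits of the inside address under the pool netmask; the inside hosts 10.1.0.7 and 10.1.1.7 are constructed test inputs.

```python
"""Policy-NAT rule selection modelled on RTA's configuration (added example).

Assumptions (IOS behaviour as documented, not verified against the poster's
router): the NAT route-map is evaluated after the routing lookup; a
`match interface` clause compares the egress interface; `match ip next-hop`
compares the next hop of the matched route; a `type match-host` pool keeps
the host bits of the inside address under the pool netmask and only hands
out addresses inside the configured start-end range.
"""
import ipaddress

# Routing table transcribed from RTA's "sh ip route" in the post:
# (prefix, next hop or None for connected, egress interface)
ROUTES = [
    ("1.1.1.1/32", "205.113.49.254", "Serial0/0"),
    ("2.2.2.2/32", "207.36.65.254", "Serial0/1"),
    ("3.3.3.3/32", None, "Loopback0"),
    ("205.113.49.252/30", None, "Serial0/0"),
    ("207.36.65.252/30", None, "Serial0/1"),
    ("10.1.0.0/16", None, "FastEthernet0/0"),
]


def lookup(dst):
    """Longest-prefix match. Returns (next_hop, interface) or None.

    For a connected route the destination itself is the next hop.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh, intf in ROUTES:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh or str(dst), intf)
    return None if best is None else best[1:]


class MatchHostPool:
    """ip nat pool <start> <end> netmask <mask> type match-host (modelled)."""

    def __init__(self, start, end, netmask):
        self.start = ipaddress.ip_address(start)
        self.end = ipaddress.ip_address(end)
        # The netmask decides how many host bits are carried over.
        self.net = ipaddress.ip_network(f"{start}/{netmask}", strict=False)

    def translate(self, inside):
        host_mask = (1 << (32 - self.net.prefixlen)) - 1
        host_bits = int(ipaddress.ip_address(inside)) & host_mask
        candidate = self.net.network_address + host_bits
        if self.start <= candidate <= self.end:
            return str(candidate)
        return None  # host bits land outside the configured start-end range


POOLS = {
    "PoolOne": MatchHostPool("205.113.50.1", "205.113.51.254", "255.255.254.0"),
    "PoolTwo": MatchHostPool("207.36.76.1", "207.36.76.254", "255.255.254.0"),
}
INSIDE = ipaddress.ip_network("10.0.0.0/8")  # access-list 1

# (route-map name, match clauses, pool) as in the partial config
ROUTE_MAPS = [
    ("ISP1", {"interface": "Serial0/0"}, "PoolOne"),
    ("ISP2", {"next_hop": "207.36.65.254"}, "PoolTwo"),
]


def select_translation(src, dst):
    """Return (route_map, inside_global) for an inside->outside packet.

    None when the source is not inside, the destination is unroutable, or no
    route-map matches. inside_global is None when the pool cannot map the host.
    """
    if ipaddress.ip_address(src) not in INSIDE:
        return None
    route = lookup(dst)
    if route is None:
        return None
    next_hop, interface = route
    for name, clauses, pool in ROUTE_MAPS:
        if clauses.get("interface", interface) != interface:
            continue
        if clauses.get("next_hop", next_hop) != next_hop:
            continue
        return (name, POOLS[pool].translate(src))
    return None


if __name__ == "__main__":
    # Constructed inside hosts; 1.1.1.1 sits behind RTB, 2.2.2.2 behind RTC.
    for src in ("10.1.0.7", "10.1.1.7"):
        for dst in ("1.1.1.1", "2.2.2.2"):
            print(src, "->", dst, select_translation(src, dst))
```

Running it shows that, under the match-host assumption, 10.1.0.7 gets 205.113.50.7 towards RTB and 207.36.76.7 towards RTC, while 10.1.1.7 maps to 205.113.51.7 in PoolOne but has no address in PoolTwo, because its host bits under the /23 netmask point at 207.36.77.7 and PoolTwo's range stops at 207.36.76.254. That is a property of the modelled pool semantics and the configured start-end values, not a diagnosis of the behaviour the poster saw; it is the kind of range check worth doing whenever a match-host pool's netmask is wider than its address range.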
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:36:01 GMT-3