Re: Problem with NAT

From: Chuck Church (ccie8776@rochester.rr.com)
Date: Mon Feb 03 2003 - 23:46:57 GMT-3

• Next message: Roger Huang: "change lab date within 28 days"
• Previous message: Chuck Church: "Re: Nortel Contivity Client On PC Behind PIX"
• Maybe in reply to: Sam.MicroGate@usa.telekom.de: "Problem with NAT"
• Next in thread: Aamer Kaleem: "Re: Problem with NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sam,

    Here's a sample config I did. Basically, you do some creative policy
routing to a loopback, and make the loopback the 'ip nat inside'.

ip dhcp pool internal
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   domain-name superchuck.com
   dns-server 12.127.16.67 12.127.17.71
   lease 0 1
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip route-cache same-interface
!
interface Ethernet0
 ip address dhcp
 ip address 192.168.0.1 255.255.255.0 secondary
 ip nat outside
 ip route-cache same-interface
 ip route-cache policy
 ip policy route-map 192tolo0
 hold-queue 125 in
!
!
ip local policy route-map 192tolo0
ip nat translation timeout 600
ip nat pool internet 66.24.64.60 66.24.64.60 netmask 255.255.255.0
ip nat inside source list 100 pool internet overload
ip nat inside source static esp 192.168.0.2 interface Ethernet0
ip nat inside source static udp 192.168.0.2 500 66.24.64.60 500 extendable
ip nat inside source static udp 192.168.0.2 69 66.24.64.60 69 extendable
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
route-map 192tolo0 permit 10
 match ip address 100
 set interface Loopback0

NOTE: On this version I was running, the router didn't like having the
ethernet address as DHCP along with a secondary. It'll accept a secondary,
but it wouldn't write it to the config. Other than that, it worked pretty
well. Be prepared for a lot of collisions though.

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: <Sam.MicroGate@usa.telekom.de>
To: <ccielab@groupstudy.com>
Sent: Monday, February 03, 2003 3:46 PM
Subject: Problem with NAT

> Hello Group,
>
> I have a 2501 that is getting its IP address from the an ISP using DHCP.
> Because I do not have a second ethernet interface in the 2501, I assigned
an
> internal secondary address of 172.16.1.1/24 to the same ethernet
interface.
> Now I need the inside hosts to go outside but I am not able to do that
> because I am not able to get NAT to work ( the inside interface is the
same
> as the outside interface) Is there any workaround for this problem.
>
> Sam
> .
.

• Next message: Roger Huang: "change lab date within 28 days"
• Previous message: Chuck Church: "Re: Nortel Contivity Client On PC Behind PIX"
• Maybe in reply to: Sam.MicroGate@usa.telekom.de: "Problem with NAT"
• Next in thread: Aamer Kaleem: "Re: Problem with NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:06 GMT-3