From: Ansar Mohideen (ansar@garmco.com)
Date: Mon Aug 11 2003 - 01:29:04 GMT-3
Hi Jang
You have to do overlapping address translation.
Please find the example from the Doc CD.
Translating Overlapping Address Example
In the following example, the addresses in the local network are being used
legitimately by someone else on the Internet. An extra translation is
required to access that external network. Pool net-10 is a pool of outside
local IP addresses. The statement ip nat outside source list 1 pool net-10
translates the addresses of hosts from the outside overlapping network to
addresses in that pool.
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat pool net-10 10.0.1.0 10.0.1.255 prefix-length 24
ip nat inside source list 1 pool net-208
ip nat outside source list 1 pool net-10
!
interface serial 0
ip address 171.69.232.192 255.255.255.240
ip nat outside
!
interface ethernet0
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
Regards.
-----Original Message-----
From: wwwjjang@chol.com [mailto:wwwjjang@chol.com]
Sent: Sunday, August 10, 2003 5:45 PM
To: ccielab@groupstudy.com
Subject: NAT & Local Policy Based Routing's Question !!
Hi! Everyone..
I was confused by this question..
Who knows the solution ??
---------
Diagram
---------
(e0 1.1.1.1/24)-R2-(so 2.2.2.2)-(s1 2.2.2.1)-R1-(e0 1.1.1.3/24)-(e0
1.1.1.14)-R3
|_______________________________OSPF__________________________|
Note:
- The R2's E0-Net(1.1.1.0.24) is same with the Ethernet-Network between R1
& R3 (1.1.1.0/24)
-R2's E0 is not covered with a OSPF & is a Private-network !!
__________
Question
----------
1> Make Sure that R2'E0-Network can communicate with ouside.
2> Make sure that you can send a ping to the R2's S0(2.2.2.2) with a source
ip
1.1.1.14(R3,s E0) and receive a echo-reply from R2's E0(1.1.1.1)
----------
My answer
----------
1> First, i configure a NAT on R2.(it operates well !!)
R2>
interface Ethernet0
ip address 1.1.1.1 255.255.255.0
ip nat inside
!
interface Serial1
ip address 2.2.2.2 255.255.255.0
ip nat outside
!
ip nat inside source route-map NAT interface serial 0 overload
access-list 20 permit 1.1.1.0 0.0.0.255
!
route-map NAT permit 10
match ip address 20
2> When i send a ping to the R2's s0, i can't receive a echo-reply.
Since the R2's E0-Network(1.1.1.0/24) is same with the Ethernet-Network
between R1 & R3, The echo-reply packet is sended to the R2'E0.
So the echo-reply packet is dropped.
(Can you understand my explanation ???)
So i think that the local policy-map on R2 is a one of the solutins.
R2>
ip local policy route-map POL
route-map POL permit 10
match ip add 150
set ip next-hop 2.2.2.1
access-list 150 permit icmp any any
=> So, when i send a ping to the R2's S0(2.2.2.2) with a source
R3'e0(1.1.1.14),
i can receive a echo-reply from R2's E0(1.1.1.1)!!!!
=> But the NAT don't work. !!!
When i remove the Local policy-map, The NAT works well !!
Do you know the reason of this problem???
How can i solve the two-questions ??
Thanks !!
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:57 GMT-3