From: Barney Gaumer (bagaumer@yahoo.com)
Date: Thu Aug 14 2003 - 16:14:54 GMT-3
I should clarify what I said before regarding this
issue because I was only half right (or half wrong),
which was pointed out in one of the other emails.
If the flow of traffic on the NAT is outside to inside
then NAT occurs before routing. If the flow is inside
to outside the routing occurs before NAT.
See:
http://www.cisco.com/en/US/partner/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
I would also like to say thanks to Dave Madland for
pointing out the syntax for specifying the tcp service
for the global and local addresses with an "ext" NAT
type.
Does anyone know what IOS rev. the TCP option was
available with this NAT type?
Cheers,
Barney
--- emad <emad@zakq8.com> wrote:
> Hi Folks,
> Wing, I think extendable keyword is initiated mainly for having
> different traffic or protocols on the same IP as follows:
> If we have a machine having the IP 1.1.1.1 but have web server running
> on port 80 and telnet daemon (exp.) on port 23, in this case we can use
> extendable keyword to match all these different ports reflecting
> different IPs but on the same IP or same machine, but it is useless to
> assign different inside global addresses to the same inside local IP
> without any difference between them ...
>
> Cheers
> Emad
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Barney Gaumer
> Sent: Wednesday, August 13, 2003 7:45 PM
> To: wing_lam@jossynergy.com
> Cc: ccielab@groupstudy.com
> Subject: Re: NAT questions
>
> BBD, it depends on the traffic flow.
>
> Translation occurs before the forwarding decision is
> made. There are possibilities for problems based on
> who initiates to this type of NAT.
>
> For example, if someone initiates to 3.3.3.3 then the
> specific match is for the NAT rule
> ip nat inside source static 1.1.1.1 3.3.3.3 ex
> But at any point during a conversation, if 1.1.1.1 must initiate then
> ip nat inside source static 1.1.1.1 2.2.2.2 ex
> would be matched because it would be the first match.
> This would cause the conversation to break down.
>
> You may want to use ip nat inside source list so
> that you can make the match criteria more specific and
> avoid potential problems.
>
> Cheers,
> Barney
> --- wing_lam@jossynergy.com wrote:
> > Hi all,
> >
> > R5(config)#ip nat inside source static 1.1.1.1 3.3.3.3 ex
> > R5(config)#ip nat inside source static 1.1.1.1 2.2.2.2 ex
> > R5(config)#^Z
> > R5#sh ip nat tr
> > Pro Inside global      Inside local       Outside local      Outside global
> > --- 2.2.2.2            1.1.1.1            ---                ---
> > --- 3.3.3.3            1.1.1.1            ---                ---
> >
> > Which inside global will 1.1.1.1 use? round robin or
> > always 2.2.2.2?
> >
> > Thx,
> > BBD (Big Black Dog)
> >
> > MADMAN <dave@interprise.com>
> > Sent by: nobody@groupstudy.com
> > 08/13/2003 11:26 PM
> > Please respond to MADMAN
> > To: emad <emad@zakq8.com>
> > cc: ccielab@groupstudy.com
> > Subject: Re: NAT questions
> >
> > emad wrote:
> > > Folks,
> > > When shall I use the keyword "extendable" in the NAT command like this:
> > >
> > > ip nat inside source static tcp 10.1.1.8 80 197.7.9.5 80 extendable
> > >
> > > Regards
> >
> > When you have multiple static translations with the same local
> > address you must use the extendable keyword or IOS will reject the
> > ambiguous command.
> >
> > Dave
> >
> > --
> > David Madland
> > CCIE# 2016
> > Sr. Network Engineer
> > Qwest Communications
> > 612-664-3367
> >
> > "Government can do something for the people only in proportion as it
> > can do something to the people." -- Thomas Jefferson
> >
> >
> >
>
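
Added example, not part of the original thread: an IOS configuration fragment that puts the two full-address extendable statics from the question next to the port-specific form emad describes. The interface names and the pairing of ports 80 and 23 with 2.2.2.2 and 3.3.3.3 are assumptions made for illustration.

```cisco
! Constructed example. Interface names are assumptions.
interface Ethernet0
 ip nat inside
!
interface Serial0
 ip nat outside
!
! Form from the question (left commented out here): two full-address
! statics for the same inside local. IOS accepts the second line only
! because of "extendable". Outside hosts can open sessions to either
! 2.2.2.2 or 3.3.3.3, but nothing in these rules says which global
! address should be used when 1.1.1.1 itself initiates, which is the
! problem discussed in the thread.
!
! ip nat inside source static 1.1.1.1 2.2.2.2 extendable
! ip nat inside source static 1.1.1.1 3.3.3.3 extendable
!
! Port-specific form: each service on 1.1.1.1 is published on its own
! global address, so each entry matches exactly one protocol/port pair
! and the two entries never compete for the same flow.
ip nat inside source static tcp 1.1.1.1 80 2.2.2.2 80 extendable
ip nat inside source static tcp 1.1.1.1 23 3.3.3.3 23 extendable
!
! Sessions that 1.1.1.1 opens from other source ports match neither
! entry above. If they must be translated, they need a rule of their
! own, for example the "ip nat inside source list" form suggested in
! the thread, with an access list that matches only the intended flows.
!
! Check the resulting table with the command used in the thread:
!   show ip nat translations
```

Because outside-to-inside traffic is translated before routing, the router only needs a route to 1.1.1.1 for the published services; 2.2.2.2 and 3.3.3.3 must be routed to this router by the outside network.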
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:59 GMT-3