From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Mon Dec 22 2003 - 15:16:05 GMT-3
Actually yes you can do this. Plug your inside network and outside
network into the same broadcast segment (same VLAN/hub etc) and run NAT on a
stick. This way the Ethernet of the 2511 is both the inside and the outside
interface. Here's a code snippet:
interface Loopback0
description ANY ARBITRARY ADDRESS
ip address 192.168.255.255 255.255.255.255
ip nat inside
!
interface Ethernet0
description PRIMARY IS PUBLIC, SECONDARY IS PRIVATE
ip address 192.168.1.1 255.255.255.0 secondary
ip address 1.2.3.4 255.255.255.0
ip nat outside
ip policy route-map POLICY
!
ip nat pool INSIDE_GLOBAL 1.2.3.4 1.2.3.4 netmask 255.255.255.0
ip nat inside source list INSIDE_LOCAL pool INSIDE_GLOBAL overload
ip route 0.0.0.0 0.0.0.0 1.2.3.1
!
ip access-list standard INSIDE_LOCAL
remark THE INSIDE LOCAL NAT POOL
permit 192.168.1.0 0.0.0.255
!
ip access-list extended POLICY
remark MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS
permit ip 192.168.1.0 0.0.0.255 any
!
route-map POLICY permit 10
description MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS AND SEND IT
THROUGH THE NAT PROCESS
match ip address POLICY
set interface Loopback0
!
route-map POLICY deny 20
!
end
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joseph Rinehart
> Sent: Monday, December 22, 2003 10:31 AM
> To: ccielab@groupstudy.com
> Subject: Re: 2511 setup
>
> are you running any type of NAT?
> ----- Original Message -----
> From: "Hunt Lee" <huntl@webcentral.com.au>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, December 21, 2003 4:25 PM
> Subject: 2511 setup
>
>
> > Hi guys,
> >
> > I only have 1 public IP...
> >
> > Internet ------ ADSL modem ------ 2511
> >
> > Currently, I have to get to my home's PC behind the ADSL modem, and then
> > telnet from there to my 2511.
> >
> > All I wanted to do is to be able to telnet into my 2511 directly from
> > the Internet. Is this possible?
> >
> > Cheers,
> > L.
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:44 GMT-3