RE: NAT on the stick!

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Dec 26 2003 - 20:02:58 GMT-3


Nathasha,

        Your inside and outside nat definitions are misplaced. Also your
route-map and access-list definitions are incorrect. See the following
config example:

interface Loopback0
 description ANY ARBITRARY ADDRESS
 ip address 192.168.255.255 255.255.255.255
 ip nat inside
!
interface Ethernet0
 description PRIMARY IS PUBLIC, SECONDARY IS PRIVATE
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 1.2.3.4 255.255.255.0
 ip nat outside
 ip policy route-map POLICY
!
ip nat pool INSIDE_GLOBAL 1.2.3.4 1.2.3.4 netmask 255.255.255.0
ip nat inside source list INSIDE_LOCAL pool INSIDE_GLOBAL overload
ip route 0.0.0.0 0.0.0.0 1.2.3.1
!
ip access-list standard INSIDE_LOCAL
 remark THE INSIDE LOCAL NAT POOL
 permit 192.168.1.0 0.0.0.255
!
ip access-list extended POLICY
 remark MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS
 permit ip 192.168.1.0 0.0.0.255 any
!
route-map POLICY permit 10
 description MATCH ANY TRAFFIC ORIGINATED FROM PRIVATE HOSTS AND SEND IT THROUGH THE NAT PROCESS
 match ip address POLICY
 set interface Loopback0
!
route-map POLICY deny 20
!
end

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)
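
As an added example (not part of the original messages, and not the author's code): a small Python check that takes the layout of the reply's config as an assumed reference and reports where a config departs from it, run against that config and the original poster's config quoted below. The function names and the trimmed sample strings are constructed here.

```python
import re
# NAT/policy lines trimmed from the two configs in this thread, re-indented.
REPLY = """\
interface Loopback0
 ip nat inside
interface Ethernet0
 ip nat outside
 ip policy route-map POLICY
route-map POLICY permit 10
 set interface Loopback0
"""
ORIGINAL = """\
interface Loopback0
 ip nat outside
interface Ethernet0/0
 ip nat inside
 ip policy route-map nat
route-map nat permit 10
 set ip next-hop 10.0.1.1 10.0.1.2
"""

def parse(cfg):
    """Return ({iface: {'nat', 'policy'}}, {route_map: [set clauses]})."""
    ifaces, rmaps, cur = {}, {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"nat": None, "policy": None})
        elif m := re.match(r"route-map (\S+) permit", line):
            cur = rmaps.setdefault(m[1], [])
        elif not line.startswith(" "):
            cur = None  # any other top-level line ends the sub-mode
        elif isinstance(cur, dict) and (m := re.match(r" +ip (nat|policy) (?:route-map )?(\S+)\s*$", line)):
            cur[m[1]] = m[2]
        elif isinstance(cur, list) and line.strip().startswith("set "):
            cur.append(line.strip())
    return ifaces, rmaps

def check(cfg):
    """Deviations from the reply's layout (assumed reference, not a Cisco rule)."""
    ifaces, rmaps = parse(cfg)
    out = []
    for name, i in [(n, i) for n, i in ifaces.items() if i["policy"]]:
        if i["nat"] != "outside":
            out.append(f"{name}: policy-routed interface is nat {i['nat']}, reply uses outside")
        hops = [s.split()[2] for s in rmaps.get(i["policy"], []) if s.startswith("set interface ")]
        if not hops:
            out.append(f"route-map {i['policy']}: no 'set interface' clause")
        out += [f"{h}: not nat inside" for h in hops if ifaces.get(h, {}).get("nat") != "inside"]
    return out
```

`check(REPLY)` returns an empty list; `check(ORIGINAL)` returns two findings, one for the NAT role on Ethernet0/0 and one for the route-map's set clause.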

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Nathasha Aleyevka
> Sent: Friday, December 26, 2003 4:24 PM
> To: ccielab@groupstudy.com
> Subject: NAT on the stick!
>
> Hi everybody,
>
> Unsuccessfully, I have been trying to configure NAT on
> a stick on a 2610 router. I have replicated the
> scenario posted at CISCO.com
> _ | Loopback 0
> | |
> |--------E0/0--RouterNAT
> PC----|
> |---------E0--CableModem(CM)
> |
> -
> With the debug enabled I am not seeing any translation.
> In this scenario the routing decision should take
> place after the NAT. From my PC I am able to ping the
> primary/secondary on the router, but cannot ping the
> CM's E0. Obviously CM doesn't know how to get back to my
> PC. I configured a 2621 with 2 LANs, and it works fine.
> The stick doesn't work for me.
>
> sh ip nat sta
> Total active translations: 0 (0 static, 0 dynamic; 0 extended)
> Outside interfaces:
> Loopback0
> Inside interfaces:
> Ethernet0/0
> Hits: 29 Misses: 8
> Expired translations: 8
> Dynamic mappings:
> -- Inside Source
> access-list 10 interface Ethernet0/0 refcount 0
> r5#
> r5#sh ip nat tra
> r5#sh ip nat translations
>
> PC has an IP address 10.0.0.10/24
> L0- 10.0.1.1/30
> E0/0- 10.0.0.2/24 secondary
> 190.40.10.1/30
> CM-E0- 190.40.10.2/30
>
> Here is the config:
>
> interface Loopback0
> ip address 10.0.1.1 255.255.255.252
> ip nat outside
> !
> interface Ethernet0/0
> ip address 10.0.0.2 255.255.255.0 secondary
> ip address 190.40.10.1 255.255.255.252
> ip nat inside
> ip policy route-map nat
> !
>
> ip nat inside source list 10 interface Ethernet0/0 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 190.40.10.2
> !
> access-list 10 permit 10.0.0.0 0.0.0.255
> !
> route-map nat permit 10
> match ip address 102
> set ip next-hop 10.0.1.1 10.0.1.2
> !
> access-list 102 permit ip 10.0.0.0 0.0.0.255 any
> access-list 102 permit ip any 10.0.0.0 0.0.0.255
> Any suggestions!!
>
> Thank you
> Nathasha



This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:45 GMT-3