RE: Nat Expandable

From: Geert Nijs (geert.nijs@simac.be)
Date: Wed Jul 14 2004 - 08:21:56 GMT-3


The no_alias option prevents the router from generating an ARP entry for
the translated address. Static nat works in two ways: a session can be
set up from the inside interface, but a session can also be set up from an
outside interface.
To make this work, the router has to "respond" on the outside interface
for the "translated" inside host. He does this by inserting a static arp
entry on the outside interface. You can see this entry with "sh arp".

No_alias prevents this static arp from being created, thereby limiting
the static nat translation to sessions set up from the inside only (a bit
like dynamic nat).

Sometimes this static arp entry can generate problems, such as when you
have two redundant, parallel routers which have the same static nat
rules for redundancy. We have seen situations where the routers start
generating "Duplicate IP address" warnings on the outside interfaces,
since the router sees the same global address with two different mac
addresses: one of router A and one of router B.

Regards,
Geert

-----Original Message-----
From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
Sent: Wednesday 14 July 2004 12:26
To: Geert Nijs
Cc: Cooper, David; CCIE LAB List
Subject: Re: Nat Expandable

And also would let you statically nat an inside service to a global
ip:port even when you only have one public address. Cute.

On a related topic, there's a no_alias option. Anyone with an example
case of where this option fits?
I've seen it used when extendable, but I fail to get why.

Geert Nijs wrote:

> It will "expand" your translations for static natting.
>
> Previously, when using static nat, the only translation you saw in "show
> ip nat translation" was the ip address:
>
> <inside global> <inside local> <outside global> <outside local>
>
>
> This was static. So you don't know anything about which sessions the
> client is using? Is he translating web, ftp, telnet?? The router
> translates all, but you don't see it.
>
> If you use "expandable", this translation will be expanded to PAT
> dynamically, so when the client sets up a session you will see in "show
> ip nat translation":
>
> <inside global> <inside local> <outside global> <outside local>
> <inside global:23> <inside local:23> <outside global:1233> <outside local:1233>
> <inside global:25> <inside local:25> <outside global:1345> <outside local:1345>
>
> Which gives you an indication of which sessions the client is using....
>
> Regards,
> Geert
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Cooper, David
> Sent: Tuesday 13 July 2004 19:57
> To: CCIE LAB List
> Subject: Nat Expandable
>
> Can anyone tell me what the expandable command at the end of an IP NAT
> inside/outside actually does? I can not find any good references on
> Cisco and it seems to be a fairly new command. Thanks!
>
> -David
>
>
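The two keywords discussed in this thread, pulled together in one IOS configuration as an added illustration (this is not configuration from the thread or from Cisco documentation; the addresses come from the RFC 5737 documentation ranges and the interface names, hosts and ports are constructed). One public address is shared by two inside services with the extendable keyword, and a second mapping carries no-alias so that a redundant router holding the same line does not answer ARP for the same global address.

```cisco
! Added example, not from the thread. Addresses and interface names are constructed.
interface FastEthernet0/0
 description Outside (towards the ISP)
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 description Inside
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! One public address reused for several inside services. The "extendable" keyword
! allows several static entries to share the same global address; as sessions are
! built, "show ip nat translations" shows the per-port (PAT-style) entries that
! Geert describes in addition to the static lines.
ip nat inside source static tcp 10.1.1.10 80 203.0.113.10 80 extendable
ip nat inside source static tcp 10.1.1.11 25 203.0.113.10 25 extendable
!
! Full static mapping that only ever needs sessions initiated from the inside.
! "no-alias" stops the router from inserting the static ARP entry for 203.0.113.20
! on the outside interface, so a second, redundant router carrying the same line will
! not cause "Duplicate IP address" warnings. The trade-off is the one in the thread:
! sessions initiated from the outside towards 203.0.113.20 no longer work through
! this router.
ip nat inside source static 10.1.1.20 203.0.113.20 no-alias
!
! Checks after configuring (assumption: IOS 12.x show commands):
!   show ip nat translations   - static lines plus per-port entries for the extendable mappings
!   show arp                   - 203.0.113.10 appears as an entry on the outside interface,
!                                203.0.113.20 does not
!   show ip alias              - lists the addresses the router answers ARP for on behalf of NAT
```

When two routers carry identical static mappings for redundancy, compare "show arp" on the outside segment of both: if the same global address is answered by both routers' MAC addresses, that is the situation the duplicate-address warnings come from, and no-alias on the mapping that is only used inside-out is the fix this thread points to.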



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:54 GMT-3