RE: NAT on a Stick

From: john matijevic (matijevi@bellsouth.net)
Date: Mon Sep 20 2004 - 16:20:25 GMT-3


Hello Tim,
I believe the ip address of the loopback could be used; I think it's just to make it more clear that the idea is the same network of the loopback has to be set for the next hop. You may want to repro just to confirm, but I believe it would achieve the same result. Again according to the document:
"have the next hop set to 10.0.1.2 and be routed "out" the
!--- loopback interface. All other packets will be routed normally."

Sincerely,

John Matijevic, CCIE #13254, MCSE, CNE, CCEA
CEO
IgorTek Inc.
151 Crandon Blvd. #402
Key Biscayne, FL 33149
Hablo Espanol
305-321-6232
http://home.bellsouth.net/p/PWP-CCIE
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Monday, September 20, 2004 3:01 PM
To: john matijevic; 'Group Study'
Subject: Re: NAT on a Stick

Hi John,

Thanks for that comprehensive explanation. However, while I understand everything you said re: the order of operations, etc., what still isn't clear to me is why the loopback address itself wasn't used - just another ip address in the same subnet. Couldn't and shouldn't the ip address of the loopback be used as the next-hop address? If not, why?

Thanks again, Tim

----- Original Message -----
From: "john matijevic" <matijevi@bellsouth.net>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
<ccielab@groupstudy.com>
Sent: Monday, September 20, 2004 2:11 PM
Subject: RE: NAT on a Stick

> Hello Tim,
> In this example you stated:
> "In both examples, in the policy routing route-map, the next-hop address is set
> to a non-existent address. How can this be?"
>
> The reason for the policy routing to the non-existent address is stated
> in the debug of the document you provided:
> !--- Now that the routing decision has been made, NAT takes place. We can
> !--- see above that the address 192.168.2.1 is translated to 10.0.0.12 and
> !--- this packet is forwarded out Ethernet 0 to the local host.
> !--- Note: When a packet is going from inside to outside, it is routed and
> !--- then translated (NAT). In the opposite direction (outside to inside),
> !--- NAT takes place first.
>
> So in essence the routing has to take place first in the example because
> the inside address is the Ethernet and the outside address is the
> loopback, because the host that is pinging is from the outside,
> 177.10.1.3 in this case. I think the confusion in this example, and in
> many NAT examples I have seen, comes from seeing the inside vs. outside
> network. Even though the address is non-existent, the important concept
> here is the address is on the same network as the loopback so that the
> policy routing can take place, in order for NAT to follow.
>
> In the second case:
> First there is a ping from inside of the network to the outside, which
> results in the policy routing before the NAT.
>
> Then the ping is issued from outside of the network to the inside,
> in which case the NAT is done before the policy routing, which in this
> case is not matched and is forwarded normally.
>
> "!--- The return packet is coming into the e0/0 interface which is a NAT
> !--- outside interface. In this direction (outside to inside), translation
> !--- occurs before routing. The above output shows the translation
> taking place."
>
>
> The translation will occur before the policy routing, when the outside
> host pings to the inside network.
>
> Please let me know, Tim, if this makes more sense to you; if not I can
> try and do a repro later on. NAT is a very important topic, and can be
> quite confusing, because it is one of the technologies, in my opinion,
> that is not documented as well as it should be.
>
> Sincerely,
> John Matijevic, CCIE #13254, MCSE, CNE, CCEA
> CEO
> IgorTek Inc.
> 151 Crandon Blvd. #402
> Key Biscayne, FL 33149
> Hablo Espanol
> 305-321-6232
> http://home.bellsouth.net/p/PWP-CCIE
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ccie2be
> Sent: Monday, September 20, 2004 11:39 AM
> To: Group Study
> Subject: NAT on a Stick
>
> Hi guys,
>
> I came across this doc on the above topic:
>
> http://www.cisco.com/en/US/partner/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
>
>
> I must admit I don't really fully understand it.
>
> In both examples, in the policy routing route-map, the next-hop address
> is set to a non-existent address. How can this be?
>
>
> On a more practical level, how possible is something like this in the
> lab? I know, of course, all supported IOS features are fair game, but I
> find it difficult to imagine Cisco coming up with a scenario that
> recreates a NAT on a stick requirement given that there aren't any hosts
> in the actual lab and loopback interfaces don't look like they could
> substitute for the hosts shown in the examples in this doc.
>
> BTW, I don't want anyone to break the NDA, just looking for comments on
> the feasibility of creating a similar NAT on a Stick scenario in the lab.
>
> Thanks, Tim
>
>
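Added example (my own code, not from the thread or from the Cisco note it discusses): a small Python model of the order of operations John quotes above, written to show why a next hop that no host answers still does useful work. Inside-to-outside packets are routed (the policy route-map runs here) and only then translated; outside-to-inside packets are translated first and then routed; and a packet routed "out" a loopback re-enters the router as if it had arrived on that loopback, which puts it on the outside-to-inside path. Only 192.168.2.1, 10.0.0.12 and the 10.0.1.2 next hop come from the thread; the interface names, the 10.0.0.0/24 and 10.0.1.0/24 subnets, the inside host 10.0.0.2 and the modelling of the quoted translation as a single inside-source static entry are assumptions of mine.

```python
"""Toy model of the IOS order of operations quoted in the thread:
packets going inside->outside are routed (policy routing included) and
then translated; packets going outside->inside are translated first and
then routed.  A packet routed "out" a loopback is handed straight back to
the router as if it had arrived on that loopback.  Constructed example,
not the configuration from the Cisco note."""
import ipaddress
from dataclasses import dataclass, field

# Assumed addressing: only the loopback next hop 10.0.1.2 and the pair
# 192.168.2.1 / 10.0.0.12 come from the thread; the rest is made up.
INTERFACES = {
    "Ethernet0": {"net": ipaddress.ip_network("10.0.0.0/24"), "nat": "inside"},
    "Loopback0": {"net": ipaddress.ip_network("10.0.1.0/24"), "nat": "outside"},
}

# The one translation quoted in the debug, modelled (assumption) as an
# inside-source static entry: inside local 10.0.0.12 <-> inside global 192.168.2.1.
NAT_STATIC = {"10.0.0.12": "192.168.2.1"}
NAT_STATIC_REVERSE = {g: l for l, g in NAT_STATIC.items()}

# Policy route-map on the inside interface: traffic for the translated
# address is pushed at a next hop inside the loopback's subnet.
ROUTE_MAP = [{"match_dst": ipaddress.ip_network("192.168.2.0/24"),
              "next_hop": "10.0.1.2"}]


@dataclass
class Packet:
    src: str
    dst: str
    trace: list = field(default_factory=list)   # what the router did, in order


def egress_for(address):
    """Connected-route lookup: the interface whose subnet contains 'address',
    or None when nothing matches (an unreachable destination or next hop)."""
    ip = ipaddress.ip_address(address)
    for name, info in INTERFACES.items():
        if ip in info["net"]:
            return name
    return None


def policy_route(pkt, route_map):
    """Egress chosen by the route-map, or None to fall back to normal routing.
    The next hop does not have to answer as a host; it only has to resolve to
    a connected interface, so any address in the loopback subnet works while
    one in an unknown subnet is ignored."""
    for entry in route_map:
        if ipaddress.ip_address(pkt.dst) in entry["match_dst"]:
            egress = egress_for(entry["next_hop"])
            if egress:
                pkt.trace.append(f"policy: next-hop {entry['next_hop']} -> {egress}")
                return egress
            pkt.trace.append(f"policy: next-hop {entry['next_hop']} unresolvable")
    return None


def translate(pkt, direction):
    """Apply the static entry in the direction the packet is crossing NAT."""
    if direction == "inside->outside" and pkt.src in NAT_STATIC:
        pkt.trace.append(f"nat: src {pkt.src} -> {NAT_STATIC[pkt.src]}")
        pkt.src = NAT_STATIC[pkt.src]
    elif direction == "outside->inside" and pkt.dst in NAT_STATIC_REVERSE:
        pkt.trace.append(f"nat: dst {pkt.dst} -> {NAT_STATIC_REVERSE[pkt.dst]}")
        pkt.dst = NAT_STATIC_REVERSE[pkt.dst]


def forward(pkt, ingress, route_map=ROUTE_MAP, hops=0):
    """One pass through the router; returns the final egress interface or
    None if the packet is dropped.  A loopback egress re-enters the router."""
    if hops > 4:
        raise RuntimeError("forwarding loop")
    if INTERFACES[ingress]["nat"] == "outside":
        translate(pkt, "outside->inside")            # outside->inside: NAT first
        egress = egress_for(pkt.dst)                 # ...then route
    else:
        egress = policy_route(pkt, route_map) or egress_for(pkt.dst)  # route first
        if egress and INTERFACES[egress]["nat"] == "outside":
            translate(pkt, "inside->outside")        # ...then NAT
    if egress is None:
        pkt.trace.append("dropped: no route")
        return None
    pkt.trace.append(f"forward out {egress}")
    if egress.startswith("Loopback"):
        return forward(pkt, egress, route_map, hops + 1)
    return egress


if __name__ == "__main__":
    pkt = Packet("10.0.0.2", "192.168.2.1")      # inside host pings the alias
    print(forward(pkt, "Ethernet0"), pkt.dst)
    for line in pkt.trace:
        print("  ", line)
```

Running it with the thread's next hop reproduces the trace John describes: policy routing picks Loopback0 because 10.0.1.2 falls in its connected subnet, the packet re-enters on the NAT outside side, 192.168.2.1 becomes 10.0.0.12, and the packet leaves Ethernet0. A destination the route-map does not match goes out Ethernet0 untouched, and a next hop that is on no connected subnet makes the route-map entry unusable, so the packet never reaches the NAT outside interface; that is the reason the next hop has to sit on the loopback's network. Whether the loopback's own address resolves the same way in IOS is the question Tim asks; this toy lookup does not settle it.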



This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:46 GMT-3