From: Paul Kingston (paul@vixtro.com)
Date: Sun Jun 19 2005 - 01:20:37 GMT-3
> Can someone explain to me the purpose of the access-list below ?? Got this
> tech tip from 911networks.
>
>
> Source interfaces:
> No pool needed, it's sourced by the interface. Everything will look
> like it's originated by S2
>
>
> interface Serial0
> ip nat inside
All traffic entering inbound to this interface will match an ip nat inside
source list xxx.
If it matches access-list 101 it will use the IP address allocated to
"Serial 2" as the source IP address.
If it matches access-list 102 it will use the IP address allocated to
"Serial 1" as the source IP address.
Why you would do this instead of allocating a pool with overload I don't
know.
More would have to be seen of the topology to know why someone would do
this.
E.g. Serial 1 and 2 could have valid IP addresses and then this would work,
I guess.
If it is trying to load balance traffic you would think that traffic based
on its source would be given different gateways.
Route-maps can be issues for this.
> !
> interface Serial1
> ip nat inside
Note: I am interested in why this is inside??
> !
> interface Serial2
> ip nat outside
Note: No matter what source address is derived all traffic will go out the
"outside" interface.
> !
> ip nat inside source list 101 interface Serial2 overload
> ip nat inside source list 102 interface Serial1 overload
> !
> access-list 101 permit ip host 172.16.1.1 33.6.0.0 0.0.255.255
> access-list 102 permit ip host 172.16.1.1 66.6.0.0 0.0.255.255
>
>
>
> Thanks
> /SAN
>
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3
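
Added example (not part of the original thread or of the 911networks tip): a small Python model of how the two extended access-lists select which interface address becomes the translated source. The interface addresses and the sample packets are constructed placeholders, since the post does not give them.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACLs from the post: (source, source wildcard, destination, dest wildcard).
# "host 172.16.1.1" is shorthand for a wildcard of 0.0.0.0.
ACLS = {
    101: [("172.16.1.1", "0.0.0.0", "33.6.0.0", "0.0.255.255")],
    102: [("172.16.1.1", "0.0.0.0", "66.6.0.0", "0.0.255.255")],
}

# NAT statements from the post: (ACL number, interface whose address is used).
# The two lists do not overlap, so evaluation order does not matter here.
NAT_RULES = [(101, "Serial2"), (102, "Serial1")]

# Assumption: placeholder addresses from documentation ranges.
INTERFACE_IP = {"Serial1": "192.0.2.1", "Serial2": "198.51.100.1"}

def acl_permits(acl, src, dst):
    """True if any entry permits the packet; no match is the implicit deny."""
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in ACLS[acl])

def translate(src, dst):
    """Return (source after NAT, interface supplying it or None)."""
    for acl, iface in NAT_RULES:
        if acl_permits(acl, src, dst):
            return INTERFACE_IP[iface], iface
    return src, None  # no list matched: the packet is not translated

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    samples = [
        ("172.16.1.1", "33.6.9.9"),    # matches list 101
        ("172.16.1.1", "66.6.200.1"),  # matches list 102
        ("172.16.1.1", "8.8.8.8"),     # destination in neither list
        ("172.16.1.2", "33.6.1.1"),    # different inside host
    ]
    for src, dst in samples:
        new_src, iface = translate(src, dst)
        print(f"{src} -> {dst}: source {new_src} ({iface or 'untranslated'})")
```

The model covers only which address is chosen; as noted in the reply, the translated packet still leaves through the interface marked "ip nat outside".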