RE: NAT on outside interface

From: Chris Lewis (chrlewis) (chrlewis@cisco.com)
Date: Tue Aug 02 2005 - 11:34:37 GMT-3


Not sure I get what you're referring to, but this is how I would read
the config you have supplied.

The inside source nat command says that any packet with a source address
that matches access list 12, and is routed via VLAN1, will have its
source address translated to the ip address of the VLAN1 interface.
Regarding systems on VLAN1: once a packet has been routed through VLAN1
and a translation has occurred and been entered in the translation database,
any packet being routed back through VLAN1 that has a destination of
192.186.1.2 (and port numbers matching the entry in the translation
database) will have its destination address translated according to the
address translation table.
If a packet being originated in VLAN1 does not have a destination
address that matches one of the translation entries, it will not be
translated.

The basic rules to follow with ip nat inside source are as follows:

* Translates the source of IP packets that are traveling inside to
outside.
* Translates the destination of the IP packets that are traveling
outside to inside.

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Gary Braver
Sent: Monday, August 01, 2005 10:56 PM
To: gladston@br.ibm.com; ccielab@groupstudy.com
Subject: RE: NAT on outside interface

Confused but curious.

int VLAN1
 ip address 192.186.1.2 255.255.255.0
 ip nat outside
!
int VLAN2
 ip address 192.186.2.2 255.255.255.0
 ip nat inside

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip nat inside source list 12 interface VLAN1 overload ....

Does this mean that any system on the VLAN1 interface will be routed
without NAT?

-----Original Message-----
From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
Sent: Friday, July 29, 2005 10:18 AM
To: ccielab@groupstudy.com
Subject: NAT on outside interface

R1
s0/0 = nat inside
e0/0.100 = nat outside

If traffic is originated with source IP of s0/0, NAT does not occur.
If traffic is originated with source IP of any other interface,
including interfaces that do not have 'nat inside', NAT occurs.

Weird question: Is there a way to have the source IP of e0/0.100
converted?

Check:

Rack2R1#teln 150.100.1.254 /source-interface Ethernet0/0.60

.Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [0]
.Jul 29 07:03:57: NAT: s=150.100.1.254, d=80.80.80.10->148.5.15.1 [0]
.Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [1]
.Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [2]

teln 150.100.1.254 /source-interface Ethernet0/0.100

User Access Verification

Password:
bb1>sh tcp bri
TCB Local Address Foreign Address (state)
61B92F98 150.100.1.254.23 150.100.1.1.11025 ESTAB
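
The two "ip nat inside source" rules from the first reply, as a small Python model added to this archive page (it is not code from any poster and not IOS behaviour in full). Assumptions: list 12 is taken to permit the VLAN2 subnet 192.186.2.0/24 because the thread never shows it, the host addresses are constructed, and port allocation is simplified to a counter.

```python
import ipaddress
from dataclasses import dataclass, replace

OUTSIDE_IP = "192.186.1.2"                       # VLAN1 address, from the thread
ACL_12 = ipaddress.ip_network("192.186.2.0/24")  # assumed: list 12 is not shown

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Pat:
    """Toy model of 'ip nat inside source list 12 interface VLAN1 overload'."""
    def __init__(self):
        self.by_local = {}     # (inside ip, port) -> global port
        self.by_global = {}    # global port -> (inside ip, port)
        self.next_port = 1024  # simplification: real PAT picks ports differently

    def forward(self, pkt, ingress, egress):
        """ingress/egress are the NAT roles of the interfaces: 'inside'/'outside'."""
        if ingress == "inside" and egress == "outside":
            if ipaddress.ip_address(pkt.src) not in ACL_12:
                return pkt                    # ACL miss: routed untranslated
            key = (pkt.src, pkt.sport)
            if key not in self.by_local:      # first packet creates the entry
                self.by_local[key] = self.next_port
                self.by_global[self.next_port] = key
                self.next_port += 1
            return replace(pkt, src=OUTSIDE_IP, sport=self.by_local[key])
        if ingress == "outside" and pkt.dst == OUTSIDE_IP:
            local = self.by_global.get(pkt.dport)
            if local:                         # return traffic for a known entry
                return replace(pkt, dst=local[0], dport=local[1])
        return pkt                            # everything else: no translation

if __name__ == "__main__":
    nat = Pat()
    # Constructed sample packets; 10.0.0.5 stands for any host beyond VLAN1.
    print(nat.forward(Packet("192.186.2.10", 40000, "10.0.0.5", 23), "inside", "outside"))
    print(nat.forward(Packet("10.0.0.5", 23, OUTSIDE_IP, 1024), "outside", "inside"))
    # A host on VLAN1 itself, with no matching entry, passes through unchanged.
    print(nat.forward(Packet("192.186.1.50", 5000, "10.0.0.5", 80), "outside", "outside"))
```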



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:18 GMT-3