From: san (san.study@gmail.com)
Date: Tue Aug 02 2005 - 12:26:31 GMT-3
Not sure whether this is relevant to this topic.
I have seen NAT examples, where only NAT outside is turned on. ie)
NAT happens with only NAT outside command. (but the same interface
has both inside address as secondary & glo al address as primary). I
havent configured & verified this. The solution guide doesnt have nat
inside command though.
This configuration & example available at IE WB, vol 1, 9.1 - IPservices.
/SAN
On 8/2/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
> Not sure I get what you're referring to, but this is how I would read
> the config you have supplied.
>
> The inside source nat command says that any packet with a source address
> that matches access list 12, and is routed via VLAN1, will have its
> source address translated to the ip address of the VLAN1 interface.
> Regarding systems on VLAN1. Once a packet has been routed through VLAN1
> and a translation has occurred and entered in the translation database,
> any packet being routed back through vlan1 that has a destination of
> 192.186.1.2 (and matching port numbers to the entry in the translation
> database) will have its destination address translated according to the
> address translation table.
> If a packet being originated in VLAN1 does not have a destination
> address that matches one of the translation entries, it will not be
> translated.
>
> The basic rules to follow with ip nat inside source are as follows:
>
> * Translates the source of IP packets that are traveling inside to
> outside.
> * Translates the destination of the IP packets that are traveling
> outside to inside.
>
> Chris
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Gary Braver
> Sent: Monday, August 01, 2005 10:56 PM
> To: gladston@br.ibm.com; ccielab@groupstudy.com
> Subject: RE: NAT on outside interface
>
> Confused but curious.
>
> int VLAN1
> ip address 192.186.1.2 255.255.255.0
> ip nat outside
> !
> int VLAN2
> ip address 192.186.2.2 255.255.255.0
> ip nat inside
>
> ip route 0.0.0.0 0.0.0.0 192.168.1.1
>
> ip nat inside source list 12 interface VLAN1 overload ....
>
> Does this mean that any system on the VLAN1 interface will be routed
> without NAT!
>
>
>
> -----Original Message-----
> From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
> Sent: Friday, July 29, 2005 10:18 AM
> To: ccielab@groupstudy.com
> Subject: NAT on outside interface
>
> R1
> s0/0 = nat inside
> e0/0.100 = nat outside
>
> If traffic is originated with source IP of s0/0, NAT does not occur.
> If traffic is originated with source IP of any other interface,
> including interfaces that does not have 'nat inside', nat occurs.
>
> Weird question: Is there a way to have the source IP of e0/0.100
> converted?
>
> Check:
>
> Rack2R1#teln 150.100.1.254 /source-interface Ethernet0/0.60
>
> .Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [0]
> .Jul 29 07:03:57: NAT: s=150.100.1.254, d=80.80.80.10->148.5.15.1 [0]
> .Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [1]
> .Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [2]
>
>
> teln 150.100.1.254 /source-interface Ethernet0/0.100
>
> User Access Verification
>
> Password:
> bb1>sh tcp bri
> TCB Local Address Foreign Address (state)
> 61B92F98 150.100.1.254.23 150.100.1.1.11025 ESTAB
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:18 GMT-3