Re: NAT on outside interface

From: san (san.study@gmail.com)
Date: Tue Aug 02 2005 - 12:32:14 GMT-3

• Next message: Rajib Khan: "voice acl"
• Previous message: mathew@oztralia.com: "IEWB Vol 2 - Lab 6 Q -> 5.19 - 5.21 (IGP mutual redistribution)"
• Maybe in reply to: san: "Re: NAT on outside interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I was wrong, Loopback 0 is configured as nat inside & all traffic
coming from secondary addresses are policy routed to loopback0 & then
sent out over primary address.

/SAN

On 8/2/05, san <san.study@gmail.com> wrote:
> Not sure whether this is relevant to this topic.
>
> I have seen NAT examples, where only NAT outside is turned on. ie)
> NAT happens with only NAT outside command. (but the same interface
> has both inside address as secondary & glo al address as primary). I
> havent configured & verified this. The solution guide doesnt have nat
> inside command though.
>
> This configuration & example available at IE WB, vol 1, 9.1 - IPservices.
>
> /SAN
>
> On 8/2/05, Chris Lewis (chrlewis) <chrlewis@cisco.com> wrote:
> > Not sure I get what you're referring to, but this is how I would read
> > the config you have supplied.
> >
> > The inside source nat command says that any packet with a source address
> > that matches access list 12, and is routed via VLAN1, will have its
> > source address translated to the ip address of the VLAN1 interface.
> > Regarding systems on VLAN1. Once a packet has been routed through VLAN1
> > and a translation has occurred and entered in the translation database,
> > any packet being routed back through vlan1 that has a destination of
> > 192.186.1.2 (and matching port numbers to the entry in the translation
> > database) will have its destination address translated according to the
> > address translation table.
> > If a packet being originated in VLAN1 does not have a destination
> > address that matches one of the translation entries, it will not be
> > translated.
> >
> > The basic rules to follow with ip nat inside source are as follows:
> >
> > * Translates the source of IP packets that are traveling inside to
> > outside.
> > * Translates the destination of the IP packets that are traveling
> > outside to inside.
> >
> > Chris
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Gary Braver
> > Sent: Monday, August 01, 2005 10:56 PM
> > To: gladston@br.ibm.com; ccielab@groupstudy.com
> > Subject: RE: NAT on outside interface
> >
> > Confused but curious.
> >
> > int VLAN1
> > ip address 192.186.1.2 255.255.255.0
> > ip nat outside
> > !
> > int VLAN2
> > ip address 192.186.2.2 255.255.255.0
> > ip nat inside
> >
> > ip route 0.0.0.0 0.0.0.0 192.168.1.1
> >
> > ip nat inside source list 12 interface VLAN1 overload ....
> >
> > Does this mean that any system on the VLAN1 interface will be routed
> > without NAT!
> >
> >
> >
> > -----Original Message-----
> > From: gladston@br.ibm.com [mailto:gladston@br.ibm.com]
> > Sent: Friday, July 29, 2005 10:18 AM
> > To: ccielab@groupstudy.com
> > Subject: NAT on outside interface
> >
> > R1
> > s0/0 = nat inside
> > e0/0.100 = nat outside
> >
> > If traffic is originated with source IP of s0/0, NAT does not occur.
> > If traffic is originated with source IP of any other interface,
> > including interfaces that does not have 'nat inside', nat occurs.
> >
> > Weird question: Is there a way to have the source IP of e0/0.100
> > converted?
> >
> > Check:
> >
> > Rack2R1#teln 150.100.1.254 /source-interface Ethernet0/0.60
> >
> > .Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [0]
> > .Jul 29 07:03:57: NAT: s=150.100.1.254, d=80.80.80.10->148.5.15.1 [0]
> > .Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [1]
> > .Jul 29 07:03:57: NAT: s=148.5.15.1->80.80.80.10, d=150.100.1.254 [2]
> >
> >
> > teln 150.100.1.254 /source-interface Ethernet0/0.100
> >
> > User Access Verification
> >
> > Password:
> > bb1>sh tcp bri
> > TCB Local Address Foreign Address (state)
> > 61B92F98 150.100.1.254.23 150.100.1.1.11025 ESTAB
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Rajib Khan: "voice acl"
• Previous message: mathew@oztralia.com: "IEWB Vol 2 - Lab 6 Q -> 5.19 - 5.21 (IGP mutual redistribution)"
• Maybe in reply to: san: "Re: NAT on outside interface"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:18 GMT-3