RE: NAT question

From: El ayachi HADEK (elayachi.hadek@marocconnect.com)
Date: Thu Nov 24 2005 - 08:15:00 GMT-3


Yes, and we can't change the order of NAT statements (lists) to change this
behavior.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Stuart.Juggins@computacenter.com
Sent: Thursday, November 24, 2005 10:17 AM
To: ccielab@groupstudy.com
Subject: RE: NAT question

Like normal access-lists it's the first match isn't it? As the host is
specified in both lists, it will check top-to-bottom on both lists, as
soon as a match is found it's used.

You could just have a deny entry in the first list, so it will definitely
use the second list.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of El
ayachi HADEK
Sent: 24 November 2005 09:11
To: Ed Lui
Cc: Cisco certification
Subject: RE: NAT question

I already tried this: list1 is used!
I tried to change the order of the ip nat statements, but it seems that Cisco
routers use list numbers for this (from low to high). Unfortunately, there
is no line numbering for NAT statements.
So, overlapping is not allowed. I must deny overlapping addresses from the
undesirable access-list.
Any comment please!
Here is my config:
interface Loopback0
 ip address 200.0.0.1 255.255.255.255
!
interface Loopback1
 ip address 220.220.220.220 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 150.50.17.1 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 150.50.200.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
router ospf 10
 log-adjacency-changes
 area 3 nssa
 summary-address 150.50.200.0 255.255.252.0
 redistribute connected metric-type 1 subnets route-map RED_LP
 network 150.50.17.1 0.0.0.0 area 3
!
ip nat inside source list 20 interface Loopback0 overload
ip nat inside source list 21 interface Loopback1 overload
ip http server
no ip http secure-server
ip classless
ip route 1.1.1.1 255.255.255.255 150.50.17.2
!
!
!
access-list 1 permit 150.50.200.0 0.0.0.255
access-list 20 permit 150.50.200.0 0.0.0.255
access-list 21 permit 150.50.200.1
!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ed Lui
Sent: Thursday, November 24, 2005 2:57 AM
To: El ayachi HADEK
Cc: Cisco certification
Subject: Re: NAT question

El ayachi HADEK ,

Never labbed this up. But I would assume list 2. Will you lab this up
and let us know what is the answer ?

Thanks,

Ed Lui

On 11/23/05, El ayachi HADEK <elayachi.hadek@marocconnect.com> wrote:
> Hi all,
> How do Cisco routers and PIX manage overlapping between NAT statements?
> Example:
> list1 1.1.1.0/24, list2 1.1.1.4/32
> ip nat inside source list 1 pool1
> ip nat inside source list 2 pool2
> How will the source address 1.1.1.4 be NATed, pool1 or pool2?
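The thread's conclusion is that when two `ip nat inside source list` statements have overlapping access-lists, the router walks the lists in ascending number with first-match semantics, so the lowest-numbered list that permits the source wins, and the only way to steer an address to the higher-numbered list is a deny entry in the lower one. The script below is an added example, not code from the thread or from Cisco: it parses the numbered standard ACLs and NAT statements from a config (the sample is constructed to mirror the config posted above), evaluates which NAT rule a given source address would hit, and audits which addresses are covered by more than one rule. The ascending-list-number evaluation order is an assumption taken from the poster's observation, not from Cisco documentation; the `select_nat_rule` and `matching_rules` helper names are my own.

```python
"""Model NAT-rule selection for overlapping access-lists (added example).

Assumption (from the thread, not Cisco docs): NAT statements are tried in
ascending access-list number; inside an ACL the first matching entry wins and
an unmatched address hits the implicit deny.
"""
import ipaddress
import re

# Constructed sample mirroring the config posted in the thread.
SAMPLE_CONFIG = """
ip nat inside source list 20 interface Loopback0 overload
ip nat inside source list 21 interface Loopback1 overload
access-list 1 permit 150.50.200.0 0.0.0.255
access-list 20 permit 150.50.200.0 0.0.0.255
access-list 21 permit 150.50.200.1
"""

# Constructed fix following the advice in the thread: deny the overlapping
# host in the lower-numbered list so list 21 gets a chance to match it.
FIXED_CONFIG = """
ip nat inside source list 20 interface Loopback0 overload
ip nat inside source list 21 interface Loopback1 overload
access-list 20 deny 150.50.200.1
access-list 20 permit 150.50.200.0 0.0.0.255
access-list 21 permit 150.50.200.1
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)(?:\s+(\S+))?$")
NAT_RE = re.compile(r"^ip nat inside source list\s+(\d+)\s+(.+)$")


def parse_config(text):
    """Return ({acl_number: [(action, address, wildcard), ...]}, [(acl, target)])."""
    acls, nat_rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            num, action, addr, wild = m.groups()
            if addr == "any":                     # 'permit any'
                addr, wild = "0.0.0.0", "255.255.255.255"
            elif addr == "host":                  # 'permit host a.b.c.d'
                addr, wild = wild, "0.0.0.0"
            elif wild is None:                    # bare address == host
                wild = "0.0.0.0"
            acls.setdefault(int(num), []).append((action, addr, wild))
            continue
        m = NAT_RE.match(line)
        if m:
            nat_rules.append((int(m.group(1)), m.group(2)))
    return acls, nat_rules


def wildcard_match(ip, network, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(ip)) & care) == (
        int(ipaddress.IPv4Address(network)) & care)


def acl_permits(entries, ip):
    """First matching entry decides; no match means implicit deny."""
    for action, net, wild in entries:
        if wildcard_match(ip, net, wild):
            return action == "permit"
    return False


def select_nat_rule(acls, nat_rules, ip):
    """Which NAT statement translates `ip`, trying lists low-to-high (assumed)."""
    for num, target in sorted(nat_rules):
        if acl_permits(acls.get(num, []), ip):
            return num, target
    return None


def matching_rules(acls, nat_rules, ip):
    """Audit helper: every NAT list that permits `ip`; more than one means overlap."""
    return sorted(num for num, _ in nat_rules if acl_permits(acls.get(num, []), ip))


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE_CONFIG), ("with deny", FIXED_CONFIG)):
        acls, rules = parse_config(cfg)
        for ip in ("150.50.200.1", "150.50.200.7", "150.50.201.1"):
            print(label, ip, "->", select_nat_rule(acls, rules, ip),
                  "overlap:", matching_rules(acls, rules, ip))
```

Run against the posted config, `150.50.200.1` is permitted by both list 20 and list 21 and the model picks list 20, matching what the poster saw; with the deny entry in list 20 the same host falls through to list 21 while the rest of `150.50.200.0/24` still uses list 20. One practical caveat when applying the fix on a real router: entries added to a numbered standard ACL are appended after the existing permit, so the deny has to be entered before the permit (remove and re-create the list) for the model's result to hold.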



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3