Re: NAT and ARP question

From: Leigh Harrison (ccileigh@gmail.com)
Date: Wed Jan 04 2006 - 13:16:55 GMT-3


Howdy,

You need to have a look at the syntax of the nat command.

"ip nat outside source static 10.1.2.98 10.188.1.4"

This means:- If a packet arrives at the interface labelled "outside"
and the ip address is 10.1.2.98, then move it "inside", but give it the
ip address of 10.188.1.4

If you look at the MAC address associated with the 10.188.1.4 address,
it's the same as the actual interface Fast0/1. This is because the
interface proxy-arps for the address. This is so that when something is
trying to find 10.188.1.4, the router will say that he knows where it
is; it will then NAT it back to 10.1.2.98 and send it on its merry way.

LH

D R wrote:

>Hi Group,
>I'm NATing an address that lives over the WAN but my router shows it as an
>ARP entry on the LAN interface. I'm afraid I don't understand this at all.
>Can somebody please explain?
>
>TIA.
>
>fwb#show run | i 10.188.1.4
>ip nat outside source static 10.1.2.98 10.188.1.4
>ip route 10.188.1.4 255.255.255.255 Serial0/0.500
>
>fwb#show arp
>Protocol  Address          Age (min)  Hardware Addr   Type   Interface
>Internet  10.188.1.250           205  000f.f861.7c00  ARPA   FastEthernet0/1
>Internet  10.188.1.4               -  0012.00d8.88c1  ARPA   FastEthernet0/1
>Internet  10.188.1.2               -  0012.00d8.88c1  ARPA   FastEthernet0/1
>
>Building configuration...
>
>Current configuration : 7339 bytes
>!
>
>hostname fwb
>
>!
>interface Loopback0
> ip address 10.128.4.216 255.255.255.255
>!
>interface Loopback10
> ip address 10.114.0.119 255.255.255.255
>!
>interface Serial0/0
> bandwidth 1536
> no ip address
> encapsulation frame-relay IETF
> load-interval 30
> priority-group 1
> down-when-looped
> cdp enable
> frame-relay lmi-type ansi
>!
>interface Serial0/0.500 point-to-point
> ip unnumbered Loopback10
> ip nat outside
> frame-relay interface-dlci 500 IETF
>!
>interface FastEthernet0/1
> ip address 10.188.1.2 255.255.255.0
> ip access-group ABC in
> ip nat inside
> speed 100
> full-duplex
>!
>ip nat inside source static 10.110.40.9 10.128.4.222
>ip nat inside source static 10.110.40.8 10.128.4.221
>ip nat inside source static 10.110.40.7 10.128.4.220
>ip nat outside source static 10.1.2.98 10.188.1.4
>ip classless
>ip route 10.110.40.7 255.255.255.255 10.188.1.250
>ip route 10.110.40.8 255.255.255.255 10.188.1.250
>ip route 10.110.40.9 255.255.255.255 10.188.1.250
>ip route 10.128.4.208 255.255.255.240 Null0
>ip route 10.188.1.4 255.255.255.255 Serial0/0.500
>ip route 62.6.99.108 255.255.255.255 Serial0/0.500
>ip tacacs source-interface Loopback0
>no ip http server
>!
>!
>ip access-list extended ABC
> permit tcp host 10.110.40.7 host 10.188.1.4 eq 2002
> permit tcp host 10.110.40.8 host 10.188.1.4 eq 2002
> permit tcp host 10.110.40.9 host 10.188.1.4 eq 2002
> deny ip any any log
>logging source-interface Loopback0
>



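The behaviour discussed in this thread can be checked mechanically. The Python below is an added example, not part of the original messages: it cross-checks `show arp` output against the static NAT statements and labels each entry with age `-` as the interface's own address or as a NAT alias. The sample input is constructed from lines quoted in the thread, the function names are hypothetical, and it assumes the router answers ARP for a translated address only when that address lies in the subnet of the interface holding the entry.

```python
import ipaddress
import re

# Constructed sample input, taken from the config and ARP table quoted in the thread.
RUNNING_CONFIG = """\
interface FastEthernet0/1
 ip address 10.188.1.2 255.255.255.0
 ip nat inside
ip nat inside source static 10.110.40.9 10.128.4.222
ip nat outside source static 10.1.2.98 10.188.1.4
"""
SHOW_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.188.1.250           205  000f.f861.7c00  ARPA   FastEthernet0/1
Internet  10.188.1.4               -  0012.00d8.88c1  ARPA   FastEthernet0/1
Internet  10.188.1.2               -  0012.00d8.88c1  ARPA   FastEthernet0/1
"""

def parse_config(cfg):
    """Return ({interface: IPv4Interface}, {translated address: NAT line})."""
    ifaces, nat, current = {}, {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"\s+ip address (\S+) (\S+)", line):
            ifaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip nat (?:inside|outside) source static (\S+) (\S+)", line):
            # The second address is the translated one the router may answer ARP for.
            nat[ipaddress.ip_address(m.group(2))] = line.strip()
    return ifaces, nat

def classify_arp(cfg, arp):
    """Label each ARP entry: learned, interface, nat-alias or unexplained."""
    ifaces, nat = parse_config(cfg)
    result = {}
    for line in arp.splitlines():
        if not line.startswith("Internet"):
            continue  # skip the header and blank lines
        _, addr, age, _mac, _, ifname = line.split()
        ip = ipaddress.ip_address(addr)
        own = ifaces.get(ifname)
        if age != "-":
            result[addr] = "learned"          # resolved from a real neighbour
        elif own is not None and own.ip == ip:
            result[addr] = "interface"        # the router's own address
        elif own is not None and ip in nat and ip in own.network:
            result[addr] = "nat-alias"        # answered on behalf of a NAT entry
        else:
            result[addr] = "unexplained"      # age "-" with no matching config
    return result
```

An `unexplained` result means the router is answering ARP for an address that neither the interface configuration nor a static NAT line accounts for, which is worth a closer look during a config audit.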