From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Sun Apr 16 2006 - 01:08:33 GMT-3
Lin, that is called NAT on a Stick.
Here is the link for more information.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
HTH
Victor.
Victor Cappuccio wrote:
> Hi my friend.. I have not seen this lab yet but maybe changing the ip
> nat outside to E1/0 and nat inside to loo0
>
>
> Jung-I Lin wrote:
>> Dear All,
>>
>> I have a question which is related to Local PBR + NAT.
>> The scenario is like this
>>
>> R5 has several interfaces participating in OSPF; the only exception is
>> E1/0.
>> The goal is to have the packets which are sourced from R5's E1/0
>> reach the others and be correctly replied to.
>> And the restriction is you can only use one "ip nat outside" command
>> on an interface.
>>
>> So I use local policy route-map + NAT; part of the config is as
>> follows
>>
>> !
>> interface Loopback0
>> ip address 150.1.5.5 255.255.255.0
>> ip nat outside
>> !
>> interface Ethernet0/0
>> ip address 144.1.5.5 255.255.255.0
>> half-duplex
>> !
>> interface Serial0/0
>> no ip address
>> encapsulation frame-relay
>> clockrate 125000
>> no fair-queue
>> !
>> interface Serial0/0.501 multipoint
>> ip address 144.1.15.5 255.255.255.0
>> ip ospf network point-to-point
>> frame-relay map ip 144.1.15.1 501 broadcast
>> !
>> interface BRI0/0
>> no ip address
>> shutdown
>> !
>> interface Serial0/1
>> ip unnumbered Ethernet0/0
>> encapsulation ppp
>> clockrate 64000
>> !
>> interface Ethernet1/0
>> ip address 144.1.55.5 255.255.255.0
>> ip nat inside
>> half-duplex
>> !
>> router ospf 1
>> log-adjacency-changes
>> redistribute connected subnets route-map CONNECTED->OSPF
>> network 144.1.5.5 0.0.0.0 area 0
>> network 144.1.15.5 0.0.0.0 area 0
>> !
>> ip local policy route-map POLICY
>> ip nat inside source list 1 interface Loopback0 overload
>> access-list 1 permit 144.1.55.0 0.0.0.255
>> access-list 100 permit ip host 144.1.55.5 any
>> !
>> route-map POLICY permit 10
>> match ip address 100
>> set interface Loopback0
>>
>> R5 is able to ping other routers when not sourcing from E1/0
>> Rack1R5#p 144.1.15.1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 144.1.15.1, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
>>
>>
>> But if I source from E1/0 the ping is not OK.
>> Rack1R5#ping 144.1.15.1 source Ethernet1/0
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 144.1.15.1, timeout is 2 seconds:
>> Packet sent with a source address of 144.1.55.5
>> .....
>> Success rate is 0 percent (0/5)
>>
>>
>> I used debug ip policy and debug ip nat, and the output is:
>> *Mar 1 19:11:01.599: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
>> policy match
>> *Mar 1 19:11:01.603: IP: route map POLICY, item 10, permit
>> *Mar 1 19:11:01.603: IP: s=144.1.55.5 (local), d=144.1.15.1
>> (Loopback0), len 100, policy routed
>> *Mar 1 19:11:01.603: IP: local to Loopback0 144.1.15.1.
>> *Mar 1 19:11:03.598: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
>> policy match
>> *Mar 1 19:11:03.598: IP: route map POLICY, item 10, permit
>> *Mar 1 19:11:03.598: IP: s=144.1.55.5 (local), d=144.1.15.1
>> (Loopback0), len 100, policy routed
>> *Mar 1 19:11:03.598: IP: local to Loopback0 144.1.15.1
>> *Mar 1 19:11:05.601: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
>> policy match
>> *Mar 1 19:11:05.601: IP: route map POLICY, item 10, permit
>> *Mar 1 19:11:05.601: IP: s=144.1.55.5 (local), d=144.1.15.1
>> (Loopback0), len 100, policy routed
>> *Mar 1 19:11:05.601: IP: local to Loopback0 144.1.15.1.
>> *Mar 1 19:11:07.604: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
>> policy match
>> *Mar 1 19:11:07.604: IP: route map POLICY, item 10, permit
>> *Mar 1 19:11:07.604: IP: s=144.1.55.5 (local), d=144.1.15.1
>> (Loopback0), len 100, policy routed
>> *Mar 1 19:11:07.604: IP: local to Loopback0 144.1.15.1.
>> *Mar 1 19:11:09.608: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
>> policy match
>> *Mar 1 19:11:09.608: IP: route map POLICY, item 10, permit
>> *Mar 1 19:11:09.608: IP: s=144.1.55.5 (local), d=144.1.15.1
>> (Loopback0), len 100, policy routed
>> *Mar 1 19:11:09.608: IP: local to Loopback0 144.1.15.1.
>>
>> It seems that the Local PBR is fine, but the NAT did not work.
>> Any comments?
>> --
>> Thanks
>> Best Regards,
>>
>> Jung-I Lin
>>
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:57 GMT-3
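
The check Lin did by eye on the debug output, as an added example that is not part of any post in this thread: it unwraps mail-quoted `debug ip policy` / `debug ip nat` lines and reports flows that were policy routed but never produced a translation line. The `NAT: s=a->b, d=c [id]` line and the translated address 150.1.5.5 in the second sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the debug output quoted in this thread
# (mail-quote prefixes and wrapped lines kept on purpose).
FAILING = """\
>> *Mar 1 19:11:01.599: IP: s=144.1.55.5 (local), d=144.1.15.1, len 100,
>> policy match
>> *Mar 1 19:11:01.603: IP: route map POLICY, item 10, permit
>> *Mar 1 19:11:01.603: IP: s=144.1.55.5 (local), d=144.1.15.1
>> (Loopback0), len 100, policy routed
>> *Mar 1 19:11:01.603: IP: local to Loopback0 144.1.15.1.
"""

# Constructed: same flow plus a translation line as `debug ip nat` prints it;
# the translated address 150.1.5.5 is an assumption for illustration.
WORKING = FAILING + """\
>> *Mar 1 19:11:01.607: NAT: s=144.1.55.5->150.1.5.5, d=144.1.15.1 [25]
"""

ROUTED = re.compile(r"IP: s=(\S+) \(local\), d=(\S+) \((\S+)\), len \d+, policy routed")
NAT = re.compile(r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))?")

def unwrap(text):
    """Drop '>' quote marks and rejoin lines the mail client wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if not line:
            continue
        if line.startswith("*") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def untranslated_flows(text):
    """Return {(src, dst, out_if): count} for policy-routed packets with no NAT hit."""
    routed, translated = Counter(), Counter()
    for entry in unwrap(text):
        if (m := ROUTED.search(entry)):
            routed[m.groups()] += 1
        elif (m := NAT.search(entry)) and m.group(2):
            translated[(m.group(1), m.group(3))] += 1
    return {k: n - translated[k[:2]] for k, n in routed.items() if n > translated[k[:2]]}

if __name__ == "__main__":
    for name, sample in (("failing", FAILING), ("working", WORKING)):
        print(name, untranslated_flows(sample))
```

A non-empty result for a flow means the policy route matched but the source address was never rewritten, which is the symptom described in the original question.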