NAT Logic

From: Nick Griffin (nick.jon.griffin@gmail.com)
Date: Sat Jan 20 2007 - 15:35:44 ART


I have a unique scenario I thought I had a working solution for, but in some
situations it does not work. In short, the requirement is that two hosts, both
on the "outside" of the NAT process, need to communicate with each other. The
target host requires the source host to be on the same network as itself, hence
the reason for the NAT. The problem is that with the NAT logic and the current
configuration, both of these hosts are on the outside.

R1-----R3
   \
    \R2

Based on the topology above (hope it's visible), R3 would need to access R2,
and R2 would expect R3 to be on the 192.168.12.0/24 network, for example.
Below is R1's configuration:

interface Serial0.13 point-to-point
 ip address 192.168.13.1 255.255.255.0
 ip nat outside
 ! PBR applied on the R3-facing subinterface; inferred from the
 ! "debug ip policy" remark below, not shown in the original post
 ip policy route-map PBR
!
interface Serial0.12 point-to-point
 ip address 192.168.12.1 255.255.255.0
 ip nat outside
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
 ip nat inside
!
! Only R3 -> R2 traffic is policy-routed into the loopback
ip access-list extended PBR
 permit ip host 3.3.3.3 host 2.2.2.2
!
route-map PBR permit 10
 match ip address PBR
 set interface Loopback1
!
! R3's 3.3.3.3 appears to R2 as 192.168.12.69, inside R2's own /24
ip nat inside source static 3.3.3.3 192.168.12.69

This actually works on 2500s running 12.2(15)T, on one physical frame relay
interface, with subinterfaces configured as above. I have been unable to get
this to work on a newer 2851 running 12.4 using GigE subinterfaces. The
"debug ip policy" shows it matching the route-map, however normal forwarding
is applied when using GigE subinterfaces. I'm essentially trying to
hairpin the NAT traffic from R3 to R2 to allow the inside->outside NAT
process to work correctly, while the actual hosts reside on the outside, by
using the loopback interface. I'm in the process of trying a 12.3 version to
see if it works, or perhaps it's because of the hardware, or physical
interfaces, that it's not working.
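To make the order of operations behind the hairpin concrete, here is an added, simplified Python model of the NAT/PBR logic in the post (it is not Cisco code and not the poster's). It assumes the IOS rules that inside->outside traffic is routed first and then source-translated, outside->inside traffic is destination-untranslated first and then routed, and that a packet policy-routed to Loopback1 re-enters the router on that loopback as inside traffic.

```python
# Simplified model of R1's NAT + PBR behaviour from the post. Not IOS code;
# the loopback hairpin (packet re-entering on Loopback1) is an assumption.
import ipaddress

# "ip nat inside" / "ip nat outside" per interface, as in R1's config
NAT_ROLE = {"Serial0.13": "outside", "Serial0.12": "outside", "Loopback1": "inside"}

# ip nat inside source static 3.3.3.3 192.168.12.69  (inside local -> inside global)
STATIC_INSIDE = {"3.3.3.3": "192.168.12.69"}
INSIDE_GLOBAL = {glob: loc for loc, glob in STATIC_INSIDE.items()}

# route-map PBR: ACL "permit ip host 3.3.3.3 host 2.2.2.2" -> set interface Loopback1
PBR = {("3.3.3.3", "2.2.2.2"): "Loopback1"}

# Constructed routing table: R2 (2.2.2.2) and its /24 sit behind Serial0.12,
# R3 (3.3.3.3) behind Serial0.13.
ROUTES = (("2.2.2.2/32", "Serial0.12"), ("192.168.12.0/24", "Serial0.12"),
          ("3.3.3.3/32", "Serial0.13"))

def route(dst):
    """Longest-match-free toy lookup: first matching prefix wins."""
    for prefix, iface in ROUTES:
        if ipaddress.ip_address(dst) in ipaddress.ip_network(prefix):
            return iface
    raise ValueError("no route to " + dst)

def forward(src, dst, ingress, use_pbr=True):
    """Return (egress interface, source after NAT, destination after NAT)."""
    # outside -> inside: untranslate the destination before routing
    if NAT_ROLE[ingress] == "outside" and dst in INSIDE_GLOBAL:
        dst = INSIDE_GLOBAL[dst]
    # policy routing overrides the routing table for the matched flow
    egress = PBR.get((src, dst)) if use_pbr else None
    if egress is None:
        egress = route(dst)
    # inside -> outside: translate the source only after routing decided egress
    if NAT_ROLE[ingress] == "inside" and NAT_ROLE[egress] == "outside":
        src = STATIC_INSIDE.get(src, src)
    if egress == "Loopback1":
        # Hairpin assumption: the packet comes back in on Loopback1, now
        # classified as inside traffic, and is forwarded a second time.
        return forward(src, dst, "Loopback1", use_pbr=False)
    return egress, src, dst

# R3 -> R2 with the PBR hairpin: exits Serial0.12 as 192.168.12.69
# forward("3.3.3.3", "2.2.2.2", "Serial0.13") -> ("Serial0.12", "192.168.12.69", "2.2.2.2")
# Without PBR the packet goes outside -> outside and is never translated
# forward("3.3.3.3", "2.2.2.2", "Serial0.13", use_pbr=False) -> ("Serial0.12", "3.3.3.3", "2.2.2.2")
```

The second call is the failure mode the post describes: when policy routing is bypassed, the packet stays outside->outside, the static inside mapping never applies, and R2 sees a source that is not on its /24.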

Thoughts are appreciated.



This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:57 ART