Re: NAT Help, router on a stick with NAT

From: Sasa Milic (smilic2@pexim.co.yu)
Date: Mon Feb 05 2007 - 05:34:29 ART


It does look like it is not supported with the IOS you have. Then it gets a
little more complicated. Also, by reading your post again, I see that you
actually don't want to translate 10.10.10.10 into 172.1.1.1, although that's
what can be seen from the nat statement. What you want is to PAT the source
address into 10.10.10.10 when traffic goes to destination 172.1.1.1, and send
it over the same input interface, right?

So this should have policy-based routing that will match the destination, set
the next hop interface to a loopback, configure the loopback as the nat inside
interface, and then translate the source ip into a pool consisting of just one
address.

I'll lab it in a few minutes, and see how it works.

Regards,
  Sasa

----- Original Message -----
From: "Malcolm Price" <malcolm.price@lanbase.com>
To: "'Sasa Milic'" <smilic2@pexim.co.yu>
Sent: Monday, February 05, 2007 9:26 AM
Subject: RE: NAT Help, router on a stick with NAT

> Hi Sasa,
>
> I'm not quite sure, I don't think the command ip nat source static is
> supported..
>
> i.e.
> LAB_A(config)#ip nat source static ?
> % Unrecognized command
> LAB_A(config)#ip nat source ?
> % Unrecognized command
> LAB_A(config)#ip nat ?
> Stateful Stateful NAT configuration commands
> inside Inside address translation
> log NAT Logging
> outside Outside address translation
> pool Define pool of addresses
> service Special translation for application using non-standard port
> translation NAT translation entry configuration
>
>
> ....
>
> -----Original Message-----
> From: Sasa Milic [mailto:smilic2@pexim.co.yu]
> Sent: 05 February 2007 07:50
> To: Malcolm Price
> Cc: ccielab@groupstudy.com
> Subject: Re: NAT Help, router on a stick with NAT
>
>
> Malcolm,
>
> AFAIK, this should be done with NVI (NAT Virtual Interface), like:
>
> interface FastEthernet0/0.1
> ip nat enable
> ...
> !
> ip nat source static 10.10.10.10 172.1.1.1
> !
>
> * Notice that there is no "inside" in nat static command!
>
> There shouldn't be any "ip nat inside" and "ip nat outside" commands.
>
>
> HTH,
> Sasa
>
> ----- Original Message -----
> From: "Malcolm Price" <malcolm.price@lanbase.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, February 04, 2007 1:37 PM
> Subject: NAT Help, router on a stick with NAT
>
>
>> Hi Group,
>>
>> Has anyone ever set up NAT through a router on a stick configuration?
>>
>> I have a Cisco 2621 with a dot1q trunk supporting two VLANs, 1 and 10.
>>
>> i.e.
>>
>> interface FastEthernet0/0
>> no ip address
>> speed 100
>> full-duplex
>> !
>> interface FastEthernet0/0.1
>> encapsulation dot1Q 1 native
>> ip address 1.1.1.254 255.255.255.0
>> ip nat outside
>> !
>> interface FastEthernet0/0.10
>> encapsulation dot1Q 10
>> ip address 10.10.10.1 255.255.255.0
>> ip nat inside
>> no ip redirects
>>
>> Traffic entering the router via vlan 10 gets checked for a destination
>> address of 172.1.1.1. If this matches it gets translated to 10.10.10.10 and
>> it should then go back out of the trunk via vlan 10.
>>
>> I.e.
>>
>> ip nat inside source static 10.10.10.10 172.1.1.1
>>
>> It gets translated ok, i.e.
>>
>> *Mar 1 23:16:45.426: %SYS-5-CONFIG_I: Configured from console by console
>> *Mar 1 23:16:52.222: NAT: o: tcp (1.1.1.1, 11021) -> (172.1.1.1, 23) [0]
>> *Mar 1 23:16:52.222: NAT: s=1.1.1.1, d=172.1.1.1->10.10.10.10 [0]
>>
>> But the traffic does not go via fa0/0.10.
>>
>> If I simply move the ip nat inside statement from fa0/0.10 onto the serial
>> port s0/0 then it works a treat. It's an issue going back out of the
>> Ethernet, even though it's two vlans.
>>
>> Any comments would be most welcomed :-)
>>
>> M


