From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Sat Sep 22 2007 - 16:28:45 ART
Ruth,
Here is the link for NAT on a stick that Jason is alluding to. I think I had
a reason to look at this myself a couple of months back for an situation
where I looked at ways to have inbound traffic NATted and sent out again
(different from your situation).
http://www.cisco.com/warp/public/556/nat-on-stick.html
From the looks of your config you have more than one physical interface but
see if transposing some of the things in this link this works for you.
----- Original Message -----
From: "Jason Guy (jguy)" <jguy@cisco.com>
To: "Gary Duncanson" <gary.duncanson@googlemail.com>;
"ruth@mycomputer.co.uk" <rswgreat@yahoo.co.uk>
Cc: <ccielab@groupstudy.com>
Sent: Saturday, September 22, 2007 3:52 PM
Subject: RE:
Gary,
Which Solie book, and which chapter? Safari does not show page numbers.
:)
Secondly, I think Ruth will need to set up PBR to send the packets to
the loopback interface. Simply sourcing the packet from the loopback
address does not get it into the nat processing. I think the is what
they refer to as Nat-on-a-stick. Absolutely you need to have the IP
reachability to the destination as well.
Jason
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Gary Duncanson
Sent: Saturday, September 22, 2007 9:28 AM
To: ruth@mycomputer.co.uk
Cc: ccielab@groupstudy.com
Subject: Re:
Ruth,
Check Solie page 1040
Without IP reachability NAT will fail. Anchor the subnet you are
translating
to on the router.
create interface..
interface loopback20
ip address 150.50.1.1 255.255.255.0
no ip directed-broadcast
Make sure you have the ip nat inside and ip nat outside commands on the
correct interfaces.
use ip classless
add a route to the outside (translated) network
ip route 0.0.0.0 0.0.0.0 150.50.17.2
HTH
Gary
----- Original Message -----
From: "ruth@mycomputer.co.uk" <rswgreat@yahoo.co.uk>
To: <ccielab@groupstudy.com>
Sent: Saturday, September 22, 2007 1:56 PM
> Hi
>
> Could someone please take a look at this and help me? When I ping
> 150.50.17.2 (reachable out of f0/0) with a source of 192.168.1.1 it
> resolutely
> fails to NAT.
>
> !
> !
> ip cef
> no ip domain lookup
> !
> !
> interface
> Loopback1
> ip address 192.168.1.1 255.255.255.0
> ip nat enable
> !
> interface
> FastEthernet0/0
> ip address 150.50.17.1 255.255.255.0
> ip nat enable
> duplex
> auto
> speed auto
> !
> interface FastEthernet2/0
> ip address 150.50.200.1
> 255.255.255.0
> duplex auto
> speed auto
> !
> router rip
> version 2
> passive-interface default
> no passive-interface FastEthernet0/0
> network
> 150.50.0.0
> no auto-summary
> !
> ip http server
> no ip http secure-server
> !
> !
> ip
> nat pool HideMe 150.50.1.2 150.50.1.254 netmask 255.255.255.0
> ip nat inside
> source list 1 pool HideMe
> !
> access-list 1 permit 192.168.1.0 0.0.0.255
> !
> !
> Interfaces:-
>
> R1#s
> Interface IP-Address OK? Method
> Status Protocol
> FastEthernet0/0 150.50.17.1 YES
> manual up up
> Serial1/0
> unassigned YES unset administratively down down
> Serial1/1
> unassigned YES unset administratively down down
> Serial1/2
> unassigned YES unset administratively down down
> Serial1/3
> unassigned YES unset administratively down down
> FastEthernet2/0
> 150.50.200.1 YES manual up up
> NVI0
> unassigned NO unset up up
> Loopback1 192.168.1.1 YES manual up
> up
>
> Thank you!
> ___________________________________________________________
> Yahoo! Answers -
> Got a question? Someone out there knows the answer. Try it
> now.
> http://uk.answers.yahoo.com/
>
>
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:15 ART