Re: NAT: Inside to inside nat translation

From: Pavel Bykov (slidersv@gmail.com)
Date: Tue Jan 20 2009 - 03:03:45 ARST

• Next message: Pavel Bykov: "Re: IPV6 - redistribution"
• Previous message: Raghav Bhargava: "Re: QOS"
• Maybe in reply to: Jan Ballasch: "NAT: Inside to inside nat translation"
• Next in thread: Jan Ballasch: "Re: NAT: Inside to inside nat translation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Do you have route maps for policy routing on both interfaces? Can you post
their configuration?

On Tue, Jan 20, 2009 at 12:39 AM, Jan Ballasch <haniz@ok.cvut.cz> wrote:

> Hello Experts,
> I have problem with which i fighting for more then two days...
> I need to find out how to make NAT inside to inside translation.
> I have 3 interfaces.
> FA0/2 to ISP (ip nat outside) (172.16.3.9/24)
> FA0/1 to server segment (ip nat inside) (192.168.2.9/24)
> FA0/0 to local users (ip nat inside) (192.168.1.9/24)
>
> ip nat pool FOR_LU 10.0.0.128 10.0.0.254 netmask 255.255.255.0
> ip nat inside source list LOCAL_SEGMENT pool FOR_LU
> ip nat inside source static 192.168.2.2 10.0.0.2
>
> I need to connect from 192.168.1.0/24 segment to server inside global
> address (10.0.0.2).
> But inside to inside translation doesn't works.
> I tried to use interface loopback (ip nat outside) and use ip policy
> route-map on fa0/0 to send traffic sourced from 192.168.1.0 to destination
> 10.0.0.2 to loopback. But it doesn't works it translates only source
> address not destination. Then packets are forwarded to 10.0.0.2 no to
> 192.168.2.2 :-(
>
> Then I tried to have all interfaces outside and loopback inside and do ip
> policy route-map on all interfaces. It relatively do what I want, but. When
> is packet going from 192.168.1.0/24 segment to server inside global
> address (10.0.0.2) it works fine, router translates 192.168.1.0 to
> 10.0.0.128 and 10.0.0.2 to 192.168.2.2. But backwards is problem. I can't
> use route map to send only traffic to dest to 10.0.0.128 and sourced from
> 192.168.2.2 to loopback because it translates first 10.0.0.128 to
> 192.168.1.1 and then is policy routing applied. Then I can't distinguish
> traffic 192.168.1.1 to 192.168.2.2 from 192.168.1.1 to 10.0.0.2 and
> translation (10.0.0.128 to 192.168.2.2 and backwards).
>
> Is there any IOS solution for this two-way NAT?
> Two inside interfaces and NAT between it?
>
> thanx
> haniz
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Pavel Bykov
----------------
Don't forget to help stopping the braindumps, use of which reduces value of
your certifications. Sign the petition at http://www.stopbraindumps.com/
Blogs and organic groups at http://www.ccie.net

• Next message: Pavel Bykov: "Re: IPV6 - redistribution"
• Previous message: Raghav Bhargava: "Re: QOS"
• Maybe in reply to: Jan Ballasch: "NAT: Inside to inside nat translation"
• Next in thread: Jan Ballasch: "Re: NAT: Inside to inside nat translation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST