From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Tue Mar 03 2009 - 14:15:39 ARST
A static NAT IP can respond to ARP requests. "no-alias" forbids such action.
An easy way to learn this is through this example I managed to get:
1.- Without no-alias:
Rack1R4#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
GigabitEthernet0/0
Inside interfaces:
GigabitEthernet0/1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
Queued Packets: 0
Rack1R4#
Rack1R4#siib
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         132.1.4.4       YES manual up                    up
GigabitEthernet0/1         10.4.4.4        YES manual up                    up
Serial0/2/0                132.1.45.4      YES manual up                    up
Serial0/3/0.1234           132.1.0.4       YES manual up                    up
Loopback0                  150.1.4.4       YES manual up                    up
Rack1R4#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.4.4.4                -   000a.b802.4ea1  ARPA   GigabitEthernet0/1
Internet  132.1.4.4               -   000a.b802.4ea0  ARPA   GigabitEthernet0/0
Rack1R4#
So let's add the NAT statement:
Rack1R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R4(config)#ip nat insi so static 10.4.4.44 132.1.4.44
Rack1R4(config)#do sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.4.4.4                -   000a.b802.4ea1  ARPA   GigabitEthernet0/1
Internet  132.1.4.4               -   000a.b802.4ea0  ARPA   GigabitEthernet0/0
Internet  132.1.4.44              -   000a.b802.4ea0  ARPA   GigabitEthernet0/0  <------------------- That is how NAT answers ARP.
Rack1R4(config)#
2.- With no-alias:
Rack1R4(config)#ip nat insi so static 10.4.4.44 132.1.4.44 no-alias
Rack1R4(config)#do sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.4.4.4                -   000a.b802.4ea1  ARPA   GigabitEthernet0/1
Internet  132.1.4.4               -   000a.b802.4ea0  ARPA   GigabitEthernet0/0
Rack1R4(config)#
<--------------------- There is no ARP for the global address.
So, it will not answer ARP requests.
Regards
----- Original Message -----
From: "Nitin Venugopal" <nitinsworld@gmail.com>
To: "Edouard Zorrilla" <ezorrilla@tsf.com.pe>
Cc: "GAURAV MADAN" <gauravmadan1177@gmail.com>; "Cisco certification"
<ccielab@groupstudy.com>
Sent: Tuesday, March 03, 2009 10:14 AM
Subject: Re: "extendable" keyword in NAT
> Hello Edouard,
>
> Good Example !! Instead of 'extendable' if it's 'no-alias' ..what will be the
> difference?
>
> Regds
> Nitin
>
> On Tue, Mar 3, 2009 at 6:23 PM, Edouard Zorrilla
> <ezorrilla@tsf.com.pe> wrote:
>
>> Let's see, things inside the field:
>>
>> Working with the topology:
>>
>>
>> R3 (ISP2)
>> /
>> /
>> R5
>> \
>> \
>> R4 (ISP1)
>>
>> R5 is a Multi-Homed site and two ISPs give you 2 different addresses:
>> 200.200.200.0/24 and 100.100.100.0/24 (Inside Global) and we need to map a
>> server, which is inside R5 (Fa0/0), over these two ISPs since we would like
>> to get, let's say, redundancy. So if we try to map a server w/o the
>> extendable option, we get:
>>
>> Rack1R5(config)#ip nat inside source static 132.1.115.11 200.200.200.200
>> Rack1R5(config)#ip nat inside source static 132.1.115.11 100.100.100.100
>> % 132.1.115.11 already mapped (132.1.115.11 -> 200.200.200.200)
>> Rack1R5(config)#
>>
>> So let's make things work by adding the extendable option there:
>>
>> Rack1R5(config)#no ip nat inside source static 132.1.115.11 200.200.200.200
>> Rack1R5(config)#$de source static 132.1.115.11 200.200.200.200 extendable
>> Rack1R5(config)#$de source static 132.1.115.11 100.100.100.100 extendable
>> Rack1R5(config)#
>> Rack1R5(config)#do sh run | in ip nat
>> ip nat inside
>> ip nat outside
>> ip nat outside
>> ip nat inside source static 132.1.115.11 100.100.100.100 extendable
>> ip nat inside source static 132.1.115.11 200.200.200.200 extendable
>> Rack1R5(config)#
>>
>> Then the part that cannot be omitted, the testing one:
>>
>> Rack1R3#ping 200.200.200.200 repeat 2 source loopback 0
>>
>> Type escape sequence to abort.
>> Sending 2, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
>> Packet sent with a source address of 150.1.3.3
>> !!
>> Success rate is 100 percent (2/2), round-trip min/avg/max = 4/4/4 ms
>> Rack1R3#
>>
>> and
>>
>> Rack1R4#ping 100.100.100.100 repeat 2 source loopback 0
>>
>> Type escape sequence to abort.
>> Sending 2, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
>> Packet sent with a source address of 150.1.4.4
>> !!
>> Success rate is 100 percent (2/2), round-trip min/avg/max = 4/4/4 ms
>> Rack1R4#
>>
>> What we got in R5 is:
>>
>> Rack1R5#
>> *Mar 3 13:25:07.609: NAT*: s=150.1.3.3, d=200.200.200.200->132.1.115.11 [30496]
>> *Mar 3 13:25:07.613: NAT*: s=132.1.115.11->200.200.200.200, d=150.1.3.3 [30496]
>> *Mar 3 13:25:07.613: NAT*: s=150.1.3.3, d=200.200.200.200->132.1.115.11 [30497]
>> *Mar 3 13:25:07.613: NAT*: s=132.1.115.11->200.200.200.200, d=150.1.3.3 [30497]
>> Rack1R5#
>> Rack1R5#
>> Rack1R5#
>> *Mar 3 13:25:15.021: NAT*: s=150.1.4.4, d=100.100.100.100->132.1.115.11 [42]
>> *Mar 3 13:25:15.021: NAT*: s=132.1.115.11->100.100.100.100, d=150.1.4.4 [42]
>> *Mar 3 13:25:15.025: NAT*: s=150.1.4.4, d=100.100.100.100->132.1.115.11 [43]
>> *Mar 3 13:25:15.025: NAT*: s=132.1.115.11->100.100.100.100, d=150.1.4.4 [43]
>> Rack1R5#
>>
>> So it finally works,
>>
>> Regards
>>
>> ----- Original Message -----
>> From: "GAURAV MADAN" <gauravmadan1177@gmail.com>
>> To: "Cisco certification" <ccielab@groupstudy.com>
>> Sent: Tuesday, March 03, 2009 8:32 AM
>> Subject: "extendable" keyword in NAT
>>
>>
>>
>>> Hi
>>> Can someone please make me understand when to use the "extendable" keyword
>>> in NAT statements.
>>>
>>> Ex
>>> ip nat inside source static tcp 1.1.1.1 23 2.2.2.2 23 extendable
>>>
>>> When to use "extendable" and when not to use it
>>>
>>> Please advise
>>> Gaurav Madan.
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:03 ART
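
Added example (not part of the original thread or of any Cisco tooling): a small audit that cross-checks "ip nat inside source static" statements against "show ip arp" output, reporting for each inside global address whether the router holds its own ARP entry for it, as in the two cases shown in the top message. The function names and status labels are assumptions of this example; the sample rows are constructed from the addresses in the post and written unwrapped.

```python
def parse_static_nat(config):
    """Return [(inside_local, inside_global, no_alias)] from running-config text."""
    out = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
            continue
        rest = tok[5:]
        if rest and rest[0] in ("tcp", "udp"):      # port form: proto L lport G gport
            if len(rest) < 5:
                continue
            local, glob, opts = rest[1], rest[3], rest[5:]
        elif len(rest) >= 2:                        # address form: L G [keywords]
            local, glob, opts = rest[0], rest[1], rest[2:]
        else:
            continue
        out.append((local, glob, "no-alias" in opts))
    return out

def router_owned_arp(arp_output):
    """Map IP -> MAC for 'show ip arp' rows whose Age is '-' (the router's own)."""
    owned = {}
    for line in arp_output.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[0] == "Internet" and tok[2] == "-":
            owned[tok[1]] = tok[3]
    return owned

def audit(config, arp_output):
    """Return {inside_global: (inside_local, status, mac_or_None)}."""
    owned = router_owned_arp(arp_output)
    report = {}
    for local, glob, no_alias in parse_static_nat(config):
        if glob in owned:   # router has an ARP entry for the NAT address
            status = "mismatch" if no_alias else "answers-arp"
        else:               # no entry: expected with no-alias, otherwise just absent
            status = "suppressed" if no_alias else "absent"
        report[glob] = (local, status, owned.get(glob))
    return report

# Constructed samples modelled on cases 1 and 2 of the post.
CONFIG_ALIAS = "ip nat inside source static 10.4.4.44 132.1.4.44"
CONFIG_NO_ALIAS = "ip nat inside source static 10.4.4.44 132.1.4.44 no-alias"
ARP_BASE = (
    "Internet  10.4.4.4    -  000a.b802.4ea1  ARPA  GigabitEthernet0/1\n"
    "Internet  132.1.4.4   -  000a.b802.4ea0  ARPA  GigabitEthernet0/0\n"
)
ARP_WITH_ALIAS = ARP_BASE + (
    "Internet  132.1.4.44  -  000a.b802.4ea0  ARPA  GigabitEthernet0/0\n")

if __name__ == "__main__":
    for cfg, arp in ((CONFIG_ALIAS, ARP_WITH_ALIAS), (CONFIG_NO_ALIAS, ARP_BASE)):
        print(audit(cfg, arp))
```

A "mismatch" result means the configuration text and the ARP table were not captured from the same state, so both should be collected again before drawing conclusions.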