Re: "extendable" keyword in NAT

From: Nitin Venugopal (nitinsworld@gmail.com)
Date: Tue Mar 03 2009 - 14:37:19 ARST


Thanks for clarifying that.

On the other hand, why is there no concept of extendable or no-alias for
a static translation on an ASA/PIX?

Regards
Nitin

On Tue, Mar 3, 2009 at 8:15 PM, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:

> A static NAT IP can respond to ARP requests. "no-alias" forbids such
> action. An easy way to learn this is through this example I managed to get:
>
> 1.- W/o no-alias:
>
> Rack1R4#sh ip nat statistics
> Total active translations: 0 (0 static, 0 dynamic; 0 extended)
> Outside interfaces:
> GigabitEthernet0/0
> Inside interfaces:
> GigabitEthernet0/1
> Hits: 0 Misses: 0
> CEF Translated packets: 0, CEF Punted packets: 0
> Expired translations: 0
> Dynamic mappings:
> Queued Packets: 0
> Rack1R4#
>
> Rack1R4#siib
> Interface IP-Address OK? Method Status Protocol
> GigabitEthernet0/0 132.1.4.4 YES manual up up
> GigabitEthernet0/1 10.4.4.4 YES manual up up
> Serial0/2/0 132.1.45.4 YES manual up up
> Serial0/3/0.1234 132.1.0.4 YES manual up up
> Loopback0 150.1.4.4 YES manual up up
> Rack1R4#sh ip arp
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 10.4.4.4 - 000a.b802.4ea1 ARPA GigabitEthernet0/1
> Internet 132.1.4.4 - 000a.b802.4ea0 ARPA GigabitEthernet0/0
> Rack1R4#
>
> So let's add the NAT statement:
> Rack1R4#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> Rack1R4(config)#ip nat insi so static 10.4.4.44 132.1.4.44
> Rack1R4(config)#do sh ip arp
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 10.4.4.4 - 000a.b802.4ea1 ARPA GigabitEthernet0/1
> Internet 132.1.4.4 - 000a.b802.4ea0 ARPA GigabitEthernet0/0
> Internet 132.1.4.44 - 000a.b802.4ea0 ARPA GigabitEthernet0/0 <------------------- That is how NAT answers ARP.
> Rack1R4(config)#
>
> 2.- With no-alias
>
> Rack1R4(config)#ip nat insi so static 10.4.4.44 132.1.4.44 no-alias
> Rack1R4(config)#do sh ip arp
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 10.4.4.4 - 000a.b802.4ea1 ARPA GigabitEthernet0/1
> Internet 132.1.4.4 - 000a.b802.4ea0 ARPA GigabitEthernet0/0
> Rack1R4(config)# <--------------------- There is no ARP for global address.
>
> So, it will not answer arp req.
>
> Regards
>
> ----- Original Message ----- From: "Nitin Venugopal" <
> nitinsworld@gmail.com>
> To: "Edouard Zorrilla" <ezorrilla@tsf.com.pe>
> Cc: "GAURAV MADAN" <gauravmadan1177@gmail.com>; "Cisco certification" <
> ccielab@groupstudy.com>
> Sent: Tuesday, March 03, 2009 10:14 AM
> Subject: Re: "extendable" keyword in NAT
>
>
>
>> Hello Edouard,
>>
>> Good example!! Instead of 'extendable', if it's 'no-alias', what will be
>> the difference?
>>
>> Regards
>> Nitin
>>
>> On Tue, Mar 3, 2009 at 6:23 PM, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:
>>
>>> Let's see, things inside the field:
>>>
>>> Working with the topology:
>>>
>>>
>>> R3 (ISP2)
>>> /
>>> /
>>> R5
>>> \
>>> \
>>> R4 (ISP1)
>>>
>>> R5 is a multi-homed site and two ISPs give you 2 different addresses:
>>> 200.200.200.0/24 and 100.100.100.0/24 (Inside Global), and we need to map
>>> a server, which is inside R5 (Fa0/0), over these two ISPs since we would
>>> like to get, let's say, redundancy. So if we try to map a server w/o the
>>> extendable option, we get:
>>>
>>> Rack1R5(config)#ip nat inside source static 132.1.115.11 200.200.200.200
>>> Rack1R5(config)#ip nat inside source static 132.1.115.11 100.100.100.100
>>> % 132.1.115.11 already mapped (132.1.115.11 -> 200.200.200.200)
>>> Rack1R5(config)#
>>>
>>> So let's make things work by adding the extendable option there:
>>>
>>> Rack1R5(config)#no ip nat inside source static 132.1.115.11 200.200.200.200
>>> Rack1R5(config)#$de source static 132.1.115.11 200.200.200.200 extendable
>>> Rack1R5(config)#$de source static 132.1.115.11 100.100.100.100 extendable
>>> Rack1R5(config)#
>>> Rack1R5(config)#do sh run | in ip nat
>>> ip nat inside
>>> ip nat outside
>>> ip nat outside
>>> ip nat inside source static 132.1.115.11 100.100.100.100 extendable
>>> ip nat inside source static 132.1.115.11 200.200.200.200 extendable
>>> Rack1R5(config)#
>>>
>>> Then the part that cannot be omitted, the testing one:
>>>
>>> Rack1R3#ping 200.200.200.200 repeat 2 source loopback 0
>>>
>>> Type escape sequence to abort.
>>> Sending 2, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
>>> Packet sent with a source address of 150.1.3.3
>>> !!
>>> Success rate is 100 percent (2/2), round-trip min/avg/max = 4/4/4 ms
>>> Rack1R3#
>>>
>>> and
>>>
>>> Rack1R4#ping 100.100.100.100 repeat 2 source loopback 0
>>>
>>> Type escape sequence to abort.
>>> Sending 2, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
>>> Packet sent with a source address of 150.1.4.4
>>> !!
>>> Success rate is 100 percent (2/2), round-trip min/avg/max = 4/4/4 ms
>>> Rack1R4#
>>>
>>> What we got in R5 is:
>>>
>>> Rack1R5#
>>> *Mar 3 13:25:07.609: NAT*: s=150.1.3.3, d=200.200.200.200->132.1.115.11 [30496]
>>> *Mar 3 13:25:07.613: NAT*: s=132.1.115.11->200.200.200.200, d=150.1.3.3 [30496]
>>> *Mar 3 13:25:07.613: NAT*: s=150.1.3.3, d=200.200.200.200->132.1.115.11 [30497]
>>> *Mar 3 13:25:07.613: NAT*: s=132.1.115.11->200.200.200.200, d=150.1.3.3 [30497]
>>> Rack1R5#
>>> Rack1R5#
>>> Rack1R5#
>>> *Mar 3 13:25:15.021: NAT*: s=150.1.4.4, d=100.100.100.100->132.1.115.11 [42]
>>> *Mar 3 13:25:15.021: NAT*: s=132.1.115.11->100.100.100.100, d=150.1.4.4 [42]
>>> *Mar 3 13:25:15.025: NAT*: s=150.1.4.4, d=100.100.100.100->132.1.115.11 [43]
>>> *Mar 3 13:25:15.025: NAT*: s=132.1.115.11->100.100.100.100, d=150.1.4.4 [43]
>>> Rack1R5#
>>>
>>> So it finally works,
>>>
>>> Regards
>>>
>>> ----- Original Message ----- From: "GAURAV MADAN" <
>>> gauravmadan1177@gmail.com>
>>> To: "Cisco certification" <ccielab@groupstudy.com>
>>> Sent: Tuesday, March 03, 2009 8:32 AM
>>> Subject: "extendable" keyword in NAT
>>>
>>>
>>>
>>>> Hi
>>>>
>>>> Can someone please make me understand when to use the "extendable" keyword in
>>>> NAT statements?
>>>>
>>>> Ex
>>>> ip nat inside source static tcp 1.1.1.1 23 2.2.2.2 23 extendable
>>>>
>>>> When to use "extendable" and when not to use it?
>>>>
>>>> Please advise
>>>> Gaurav Madan.
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:03 ART
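
The two behaviours shown in the thread (the "already mapped" rejection without "extendable", and the ARP entry that appears unless "no-alias" is set) can be checked against a saved configuration before it is applied. The following is an added example, not part of the original messages or of any Cisco tool; the function names and the sample configuration are constructed for illustration, and only address-only static entries (no protocol/port form) are parsed.

```python
import re
from collections import defaultdict

# Constructed sample config, modelled on the commands quoted in the thread.
SAMPLE_CONFIG = """\
ip nat inside source static 132.1.115.11 100.100.100.100 extendable
ip nat inside source static 132.1.115.11 200.200.200.200 extendable
ip nat inside source static 10.4.4.44 132.1.4.44 no-alias
ip nat inside source static 10.4.4.45 132.1.4.45
ip nat inside source static 10.4.4.45 132.1.4.46
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(
    r"^ip nat inside source static " + IPV4 + " " + IPV4 + r"((?: \S+)*)$")

def parse_static_nat(config):
    """Return one dict per address-only static inside-source NAT line."""
    entries = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # port-based or non-NAT lines are skipped
        opts = set(m.group(3).split())
        entries.append({"local": m.group(1), "global": m.group(2),
                        "extendable": "extendable" in opts,
                        "no_alias": "no-alias" in opts})
    return entries

def audit(entries):
    """Flag mappings the router would refuse and globals it may claim via ARP."""
    by_local = defaultdict(list)
    for e in entries:
        by_local[e["local"]].append(e)
    # One inside local mapped to several globals needs "extendable" on every
    # entry; otherwise the thread shows "% ... already mapped".
    rejected = sorted(loc for loc, es in by_local.items()
                      if len(es) > 1 and not all(e["extendable"] for e in es))
    # Without "no-alias", the thread shows an ARP entry for the global address
    # on the outside interface, so these are addresses the router may answer for.
    arp_candidates = sorted(e["global"] for e in entries if not e["no_alias"])
    return {"rejected_locals": rejected, "arp_candidates": arp_candidates}

if __name__ == "__main__":
    print(audit(parse_static_nat(SAMPLE_CONFIG)))
```
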