Re: "extendable" keyword in NAT

From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Tue Mar 03 2009 - 14:54:43 ARST


Looks like some devices are different, each on its own.

Regards

  ----- Original Message -----
  From: Nitin Venugopal
  To: Edouard Zorrilla
  Cc: GAURAV MADAN ; Cisco certification
  Sent: Tuesday, March 03, 2009 11:37 AM
  Subject: Re: "extendable" keyword in NAT

  Thanks for clarifying that.

  On the other hand, why is there no concept of extendable or no-alias for a static translation on an ASA/PIX?

  Regards
  Nitin

  On Tue, Mar 3, 2009 at 8:15 PM, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:

    A static NAT IP can respond to ARP requests. "no-alias" forbids such action. An easy way to learn this is through this example I managed to get:

    1.- W/o no-alias:

    Rack1R4#sh ip nat statistics
    Total active translations: 0 (0 static, 0 dynamic; 0 extended)
    Outside interfaces:
     GigabitEthernet0/0
    Inside interfaces:
     GigabitEthernet0/1
    Hits: 0 Misses: 0
    CEF Translated packets: 0, CEF Punted packets: 0
    Expired translations: 0
    Dynamic mappings:
    Queued Packets: 0
    Rack1R4#

    Rack1R4#siib
    Interface IP-Address OK? Method Status Protocol
    GigabitEthernet0/0 132.1.4.4 YES manual up up
    GigabitEthernet0/1 10.4.4.4 YES manual up up
    Serial0/2/0 132.1.45.4 YES manual up up
    Serial0/3/0.1234 132.1.0.4 YES manual up up
    Loopback0 150.1.4.4 YES manual up up
    Rack1R4#sh ip arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 10.4.4.4 - 000a.b802.4ea1 ARPA GigabitEthernet0/1
    Internet 132.1.4.4 - 000a.b802.4ea0 ARPA GigabitEthernet0/0
    Rack1R4#

    So let's add the NAT statement:
    Rack1R4#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Rack1R4(config)#ip nat insi so static 10.4.4.44 132.1.4.44
    Rack1R4(config)#do sh ip arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 10.4.4.4 - 000a.b802.4ea1 ARPA GigabitEthernet0/1
    Internet 132.1.4.4 - 000a.b802.4ea0 ARPA GigabitEthernet0/0
    Internet 132.1.4.44 - 000a.b802.4ea0 ARPA GigabitEthernet0/0 <------------------- That is how NAT answers ARP.
    Rack1R4(config)#

    2.- With no-alias

    Rack1R4(config)#ip nat insi so static 10.4.4.44 132.1.4.44 no-alias
    Rack1R4(config)#do sh ip arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 10.4.4.4 - 000a.b802.4ea1 ARPA GigabitEthernet0/1
    Internet 132.1.4.4 - 000a.b802.4ea0 ARPA GigabitEthernet0/0
    Rack1R4(config)# <--------------------- There is no ARP for global address.

    So, it will not answer ARP requests.

    Regards

    ----- Original Message ----- From: "Nitin Venugopal" <nitinsworld@gmail.com>
    To: "Edouard Zorrilla" <ezorrilla@tsf.com.pe>
    Cc: "GAURAV MADAN" <gauravmadan1177@gmail.com>; "Cisco certification" <ccielab@groupstudy.com>
    Sent: Tuesday, March 03, 2009 10:14 AM
    Subject: Re: "extendable" keyword in NAT

      Hello Edouard,

      Good example!! Instead of 'extendable', if it's 'no-alias', what will be the difference?

      Regards
      Nitin

      On Tue, Mar 3, 2009 at 6:23 PM, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:

        Let's see, things inside the field:

        Working with the topology:

           R3 (ISP2)
           /
          /
        R5
         \
           \
            R4 (ISP1)

        R5 is a multi-homed site and two ISPs give you 2 different addresses: 200.200.200.0/24 and 100.100.100.0/24 (Inside Global), and we need to map a server, which is inside R5 (Fa0/0), over these two ISPs since we would like to get, let's say, redundancy. So if we try to map a server w/o the extendable option, we get:

        Rack1R5(config)#ip nat inside source static 132.1.115.11 200.200.200.200
        Rack1R5(config)#ip nat inside source static 132.1.115.11 100.100.100.100
        % 132.1.115.11 already mapped (132.1.115.11 -> 200.200.200.200)
        Rack1R5(config)#

        So let's make things work by adding the extendable option there:

        Rack1R5(config)#no ip nat inside source static 132.1.115.11 200.200.200200
        Rack1R5(config)#$de source static 132.1.115.11 200.200.200.200 extendable
        Rack1R5(config)#$de source static 132.1.115.11 100.100.100.100 extendable
        Rack1R5(config)#
        Rack1R5(config)#do sh run | in ip nat
        ip nat inside
        ip nat outside
        ip nat outside
        ip nat inside source static 132.1.115.11 100.100.100.100 extendable
        ip nat inside source static 132.1.115.11 200.200.200.200 extendable
        Rack1R5(config)#

        Then the part that cannot be omitted, the testing one:

        Rack1R3#ping 200.200.200.200 repeat 2 source loopback 0

        Type escape sequence to abort.
        Sending 2, 100-byte ICMP Echos to 200.200.200.200, timeout is 2 seconds:
        Packet sent with a source address of 150.1.3.3
        !!
        Success rate is 100 percent (2/2), round-trip min/avg/max = 4/4/4 ms
        Rack1R3#

        and

        Rack1R4#ping 100.100.100.100 repeat 2 source loopback 0

        Type escape sequence to abort.
        Sending 2, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
        Packet sent with a source address of 150.1.4.4
        !!
        Success rate is 100 percent (2/2), round-trip min/avg/max = 4/4/4 ms
        Rack1R4#

        What we got in R5 is:

        Rack1R5#
        *Mar 3 13:25:07.609: NAT*: s=150.1.3.3, d=200.200.200.200->132.1.115.11 [30496]
        *Mar 3 13:25:07.613: NAT*: s=132.1.115.11->200.200.200.200, d=150.1.3.3 [30496]
        *Mar 3 13:25:07.613: NAT*: s=150.1.3.3, d=200.200.200.200->132.1.115.11 [30497]
        *Mar 3 13:25:07.613: NAT*: s=132.1.115.11->200.200.200.200, d=150.1.3.3 [30497]
        Rack1R5#
        Rack1R5#
        Rack1R5#
        *Mar 3 13:25:15.021: NAT*: s=150.1.4.4, d=100.100.100.100->132.1.115.11 [42]
        *Mar 3 13:25:15.021: NAT*: s=132.1.115.11->100.100.100.100, d=1501.4.4 [42]
        *Mar 3 13:25:15.025: NAT*: s=150.1.4.4, d=100.100.100.100->132.1.115.11 [43]
        *Mar 3 13:25:15.025: NAT*: s=132.1115.11->100.100.100.100, d=150.1.4.4 [43]
        Rack1R5#

        So it finally works,

        Regards

        ----- Original Message ----- From: "GAURAV MADAN" <gauravmadan1177@gmail.com>
        To: "Cisco certification" <ccielab@groupstudy.com>
        Sent: Tuesday, March 03, 2009 8:32 AM
        Subject: "extendable" keyword in NAT

        Hi

          Can someone please make me understand when to use the "extendable" keyword in NAT statements.

          Ex
          ip nat inside source static tcp 1.1.1.1 23 2.2.2.2 23 extendable

          When to use "extendable" and when not to use

          Please advise
          Gaurav Madan.

          Blogs and organic groups at http://www.ccie.net

          _______________________________________________________________________
          Subscription information may be found at:
          http://www.groupstudy.com/list/CCIELab.html




This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:03 ART
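
An added example, not part of the original thread: a Python check over candidate `ip nat inside source static` lines that flags a local address mapped to more than one global without `extendable` (the case IOS rejected in the thread with "already mapped") and lists the global addresses configured without `no-alias`. The sample config is constructed; the 10.4.4.45, 132.1.4.45 and 132.1.4.46 entries and all function names are assumptions, and only the two statement forms shown in the thread are parsed.

```python
import re
from collections import defaultdict

# Statement forms taken from the thread:
#   ip nat inside source static <local> <global> [keywords]
#   ip nat inside source static tcp|udp <local> <lport> <global> <gport> [keywords]
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
STATIC_RE = re.compile(
    r"^\s*ip nat inside source static\s+"
    r"(?:(tcp|udp)\s+" + IP + r"\s+(\d+)\s+" + IP + r"\s+(\d+)|" + IP + r"\s+" + IP + r")"
    r"(.*)$"
)

def parse_static_nat(config_text):
    """Return one dict per static inside-source NAT statement found."""
    entries = []
    for line in config_text.splitlines():
        m = STATIC_RE.match(line)
        if not m:
            continue
        proto, l1, lport, g1, gport, l2, g2, rest = m.groups()
        entries.append({"proto": proto, "local": l1 or l2, "lport": lport,
                        "global": g1 or g2, "gport": gport,
                        "flags": set(rest.split())})
    return entries

def audit(entries):
    """Return (locals needing 'extendable', globals lacking 'no-alias')."""
    by_local = defaultdict(list)
    for e in entries:
        by_local[(e["proto"], e["local"], e["lport"])].append(e)
    # Same local mapped to several globals: every such entry needs 'extendable'.
    conflicts = sorted(
        key[1] for key, group in by_local.items()
        if len({e["global"] for e in group}) > 1
        and any("extendable" not in e["flags"] for e in group))
    # Without 'no-alias' the router may answer ARP for the global address;
    # whether it does depends on its interfaces, which are not modelled here.
    alias_candidates = sorted({e["global"] for e in entries
                               if "no-alias" not in e["flags"]})
    return conflicts, alias_candidates

# Constructed candidate config: first three lines mirror the thread,
# the last two are made-up entries that IOS would reject as a pair.
SAMPLE = """\
ip nat inside source static 132.1.115.11 100.100.100.100 extendable
ip nat inside source static 132.1.115.11 200.200.200.200 extendable
ip nat inside source static 10.4.4.44 132.1.4.44 no-alias
ip nat inside source static 10.4.4.45 132.1.4.45
ip nat inside source static 10.4.4.45 132.1.4.46
"""
```

Calling `audit(parse_static_nat(SAMPLE))` returns the conflicting local addresses first and the ARP alias candidates second, so a staged config can be reviewed before it is pushed to the router.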