From: Groupstudy @ CrespoNetworks (@)
Date: Thu Mar 05 2009 - 11:02:30 ARST
Well, I missed putting loopback0 on R8 (10.8.8.2) and now pings work
but I'm still not clear why this works without a "ip nat inside" on
Lo0 (R8)
The topology is like this:
R2
| 10.90.90.1/28
|
| 10.90.90.2/28
-------R1
| (.1)
10.80.80.0/24 |
|
R8----------- |
F0/0 (.3) |
| (.2)
------R6
| .1
| 10.60.60.0/29
|
Basically, traffic needs to be sourced from R6 (10.60.60.1) to R8
(10.80.80.12<---- doesn't exist) but actually goes to R2 (10.90.90.1)
with source 10.8.8.2<-- Return traffic should come back to this IP from R2.
The config is here:
R8
interface Loopback0
ip address 10.8.8.2
interface F0/0
ip address 10.80.80.3 255.255.255.0
ip nat outside
ip nat pool test 10.8.8.2 10.8.8.2 netmask 255.255.255.240
ip nat inside source static 10.60.60.1 10.8.8.2
ip nat inside source static 10.90.90.1 10.80.80.12
ip nat outside source list 199 pool test
!
access-list 199 permit ip host 10.60.60.1 host 10.80.80.12
I seem to understand loopback NAT scenarios but they have always
required a "domain" inside/outside or the use of the newer NVI. Finally
you must disable "ip redirects" on R8 (F0/0) but I haven't figured out
why yet.
I hope this makes sense.
Thanks!
J
Edouard Zorrilla wrote:
> Would please paste the solucion you have donde ? Other, the traffic
> source is sourced from the router itself or by something else inside ?
>
> Regards
>
> ----- Original Message ----- From: "Groupstudy @ CrespoNetworks"
> <groupstudy@cresponet.com>
> Cc: "Cisco certification" <ccielab@groupstudy.com>
> Sent: Thursday, March 05, 2009 5:35 AM
> Subject: Advanced Nat Question
>
>
>> GS,
>>
>> I was hoping someone could help me understand, what seems to me, an
>> advanced NAT question that I can't seem to get my head around. I
>> actually think it may be a typo in the solution. Basically, the
>> question is from "CCIE Routing and Switching Practice Labs" Practice Lab
>> 3 Section 7. BTW, I know the book is a bit dated but I think it still
>> useful. The point of the question is to change the sa and da with the
>> use of proxy arp and no ip redirects. Has anyone done this task and if
>> so, can you confirm the solution? I configured it exactly as the
>> solution states but it does not work. Also, the solution attempts to
>> translate inside and outside addresses with only one interface and just
>> with a "ip nat outside" statement. Thank you in advance.
>>
>> Jimmy
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART