From: Sadiq Yakasai (sadiqtanko@gmail.com)
Date: Thu Mar 05 2009 - 13:39:05 ARST
Not much to be honest. How can you send traffic to an IP address that doesnt
exist? Who would reply to ARP request for that IP, much less the traffic
going out the interface of the router originating it. More light on this
would definately be a great idea :-)
Thanks,
On Thu, Mar 5, 2009 at 1:02 PM, Groupstudy @ CrespoNetworks <
groupstudy@cresponet.com> wrote:
> Well, I missed putting loopback0 on R8 (10.8.8.2) and now pings work
> but I'm still not clear why this works without a "ip nat inside" on
> Lo0 (R8)
>
>
>
> The topology is like this:
>
> R2
> | 10.90.90.1/28
> |
> | 10.90.90.2/28
> -------R1
> | (.1)
> 10.80.80.0/24 |
> |
> R8----------- |
> F0/0 (.3) |
> | (.2)
> ------R6
> | .1
> | 10.60.60.0/29
> |
>
>
> Basically, traffic needs to be sourced from R6 (10.60.60.1) to R8
> (10.80.80.12<---- doesn't exist) but actually goes to R2 (10.90.90.1)
> with source 10.8.8.2<-- Return traffic should come back to this IP from R2.
>
> The config is here:
>
> R8
>
> interface Loopback0
> ip address 10.8.8.2
>
> interface F0/0
> ip address 10.80.80.3 255.255.255.0
> ip nat outside
>
>
> ip nat pool test 10.8.8.2 10.8.8.2 netmask 255.255.255.240
> ip nat inside source static 10.60.60.1 10.8.8.2
> ip nat inside source static 10.90.90.1 10.80.80.12
> ip nat outside source list 199 pool test
> !
> access-list 199 permit ip host 10.60.60.1 host 10.80.80.12
>
>
> I seem to understand loopback NAT scenarios but they have always
> required a "domain" inside/outside or the use of the newer NVI. Finally
> you must disable "ip redirects" on R8 (F0/0) but I haven't figured out
> why yet.
>
> I hope this makes sense.
>
> Thanks!
>
> J
>
>
> Edouard Zorrilla wrote:
> > Would please paste the solucion you have donde ? Other, the traffic
> > source is sourced from the router itself or by something else inside ?
> >
> > Regards
> >
> > ----- Original Message ----- From: "Groupstudy @ CrespoNetworks"
> > <groupstudy@cresponet.com>
> > Cc: "Cisco certification" <ccielab@groupstudy.com>
> > Sent: Thursday, March 05, 2009 5:35 AM
> > Subject: Advanced Nat Question
> >
> >
> >> GS,
> >>
> >> I was hoping someone could help me understand, what seems to me, an
> >> advanced NAT question that I can't seem to get my head around. I
> >> actually think it may be a typo in the solution. Basically, the
> >> question is from "CCIE Routing and Switching Practice Labs" Practice Lab
> >> 3 Section 7. BTW, I know the book is a bit dated but I think it still
> >> useful. The point of the question is to change the sa and da with the
> >> use of proxy arp and no ip redirects. Has anyone done this task and if
> >> so, can you confirm the solution? I configured it exactly as the
> >> solution states but it does not work. Also, the solution attempts to
> >> translate inside and outside addresses with only one interface and just
> >> with a "ip nat outside" statement. Thank you in advance.
> >>
> >> Jimmy
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- CCIE #19963Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART