Re: NAT

From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Mon Mar 09 2009 - 19:54:54 ARST

• Next message: Edouard Zorrilla: "Re: MAC ACL"
• Previous message: Narbik Kocharians: "Re: DST"
• Maybe in reply to: Andrew Shin: "NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I understood there is not overload under "ip nat outside source list" and
"ip nat outside source route-map" that is why you can not get the PAT.

Do any one ?

Regards

----- Original Message -----
From: "Andrew Shin" <mr.dude@gmail.com>
To: <ccielab@groupstudy.com>
Sent: Monday, March 09, 2009 9:52 AM
Subject: NAT

>I have a server on the inside interface with an IP address of 9.9.9.9.
> I would like to access this server from the outside interface from devices
> having IP addresses in the range 5.0.0.0/24.
>
> However, I would like two NATs to occur. First, I would like the
> 5.0.0.0/24devices to know the 9.9.9.9 port 80 server as 2.2.2.2 port
> 8080.
> Second, I would like the 9.9.9.9 server to know the 5.0.0.0/24 range as
> one
> IP address (16.16.16.1/32) which I'm hoping would get PATted.
>
> I've got it working with just one IP address from the 5.0.0.0/24 range,
> but
> as soon as I try a second device from the same range it can't access it
> because there's
> only one IP in the pool to use. Is there a way for me to do this PAT on
> the
> outside interface? Do I need to switch the inside and outside interfaces
> so
> that I can get PAT for the 5.0.0.0/24 devices...or am I looking at this
> incorrectly?
>
> Thanks in advance for any assistance!
>
> interface F0/0
> ip nat inside
> !
> interface serial0/0
> ip nat outside
> ip address 2.2.2.2 255.255.255.252
> !
> ip nat pool nat-pool 16.16.16.1 16.16.16.1 netmask 255.255.255.252
> <<<only
> allowed to use this one IP
> ip route 16.16.16.1 255.255.255.255 serial0/0 <<<needed this static route
> else the packet was dropped
> !
> ip nat inside source static tcp 9.9.9.9 80 2.2.2.2 8080 route-map
> insideserver extendable
> !
> ip nat outside source list server pool nat-pool
> !
> route-map insideserver
> match ip address insideserver
> !
> ip access ext insideserver
> permit 5.0.0.0 0.0.0.255 host 2.2.2.2
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Edouard Zorrilla: "Re: MAC ACL"
• Previous message: Narbik Kocharians: "Re: DST"
• Maybe in reply to: Andrew Shin: "NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:04 ART