RE: Are you an IOS NAT expert?

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Mon, 18 May 2009 13:24:18 -0400

Dale, I'll second the CCIE Security track as the final hurdle for NAT learning.

Please pick up the ASA firewall handbook by Hucaby; it will clarify the concepts quite well, like identity NAT, policy NAT, NAT exceptions, and such.

I also passed ALL NAT aspects of the CCIE R/S using
1. Wendell Odom's NAT explanations and thought train in the R/S Written Certification guide
2. Mr. Narbik's PDF on NAT he has passed around quite a bit here... it's like 200+ pages...

-Joe

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Dale Shaw
Sent: Monday, May 18, 2009 5:44 AM
To: Cisco certification
Subject: Are you an IOS NAT expert?

Hi all,

I really dislike IOS NAT. Reeeaaallly dislike it. I cut my teeth on
NAT on Linux and BSD and it just seems to make so much more sense to
me on those systems.

The "inside local", "inside global", "outside local" and "outside
global" concepts -- why, Cisco? Whhhhhy? And it's just as
brain-destroying on PIX/ASA, if you ask me.

Anyway, I could whinge and moan about Cisco's implementation all day
long, but that's not going to help. Essentially, I'd like to become
much better at identifying and applying solutions to NAT scenarios
with IOS.

I've been setting up NAT on routers for years, and in the end, I can
always make it work. For trickier configurations, sure, it takes
longer, but I get there. As we all know, though, there's no time for
trial and error in the exam room. I want to be able to look at a NAT
task and immediately know which interface(s) should be 'inside' and
which interface(s) should be 'outside', which of the many NAT
configuration options will get the job done, and what "gotchyas" each
method comes packaged with (e.g. when static routes are required).

Don't get me wrong, I understand how a packet can be transformed by a
NAT, it's really just gaining a deeper understanding of Cisco's
implementation.

So, I guess I'm happy to hear what study material helped you really
'get' NAT - DocCD links, other Cisco.com articles, books, workbooks,
whatever - but I'm more interested in the way you approach NAT tasks
in terms of logic, strategy and troubleshooting. I personally haven't
found a resource yet that gives me the background theory I require to
get the most out of practice labs.

cheers,
Dale

Received on Mon May 18 2009 - 13:24:18 ART
