Re: IP NAT outside from Tyson Scott on 2009-07-26 (Ccielab archives 07/2009)

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Sun, 26 Jul 2009 19:00:30 -0400

It all depends on the direction you are wanting to NAT the traffic.
Using the NAT pool as shown in the first example and shown in the
continuation of this string would not allow the joining of two
companies. In the example originally shown of the two companies you
would want to allow both parts of the companies to communicate with
each other so you would need to provide a one to one translation for
the two networks. Using pools that are overloaded is a one way
communication, it is called PAT (Port address Translation), your
example is not NAT.

If you were wanting to merge two companies you would use.

hostname cloud1router
Gigabitethernet0/0
description to cloud2
ip address 172.1.2.2 255.255.255.252
ip nat outside

int gigabitethernet0/1
description toCore
ip address 10.1.254.1 255.255.255.252
ip nat inside

ip nat outside source static network 10.1.0.0 10.2.0.0 255.255.0.0

ip nat inside source static network 10.1.0.0 10.2.0.0 255.255.0.0

So the first example would be NAT the traffic from Cloud2 to the new
address'es of 10.2.0.0/16 when trying to communicate with Cloud1

The second example Cloud1 is NAT'ed to 10.2.0.0/16 when trying to
communicate with Cloud2. Either would accomplish the same thing

The only difference between the two is perspective. Am I wanting to
hide the inside from the outside (inside NAT) Or am I hiding the
outside from the inside (outside NAT)

On Sun, Jul 26, 2009 at 6:37 PM, Welly Kamarudin<welly.wewe_at_gmail.com> wrote:
> Hi Keegan,
>
> Based on my study,
> IP nat inside : is to perform translation for source IP addr in the IP
> header
> IP nat outside : is to perform translation for destination IP addr in the IP
> header
>
> So based on your command :
> ip nat outside source list 12 pool merge
> -On the packet header that has destination IP addr to 10.1.0.0/16 will be
> translated to pool merge (11.1.0.1 11.1.255.254)
> -But there is no translation on the source IP on the header
>
> Correct me if I am wrong guys
>
> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml
>
> Welly
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto:  tscott_at_ipexpert.com
Blogs and organic groups at http://www.ccie.net

Received on Sun Jul 26 2009 - 19:00:30 ART

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART