Re: IP NAT outside

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Sun, 26 Jul 2009 19:16:59 -0400

Actually, I need to correct myself for saying that your configuration is
PAT. You are doing dynamic NAT. I thought you were saying that the
NAT pool was a /30, so that is how you are tying the two together;
misread on my part without looking at your NAT pool.

With your NAT pool you are doing a one-to-one conversion, but it is
still one-way communication, as the NAT pools are not specifically tied
to each individual address. The router has no way to determine which
IP is tied to each IP on the outside, so something must first open the
connection before communication can occur. For two-way communication
you need to use static translations.

On Sun, Jul 26, 2009 at 7:00 PM, Tyson Scott<tscott_at_ipexpert.com> wrote:
> It all depends on the direction you are wanting to NAT the traffic.
> Using the NAT pool as shown in the first example and shown in the
> continuation of this string would not allow the joining of two
> companies. In the example originally shown of the two companies, you
> would want to allow both parts of the companies to communicate with
> each other, so you would need to provide a one-to-one translation for
> the two networks. Using pools that are overloaded is one-way
> communication; it is called PAT (Port Address Translation). Your
> example is not NAT.
>
> If you were wanting to merge two companies you would use:
>
> hostname cloud1router
> int gigabitethernet0/0
> description to cloud2
> ip address 172.1.2.2 255.255.255.252
> ip nat outside
>
> int gigabitethernet0/1
> description toCore
> ip address 10.1.254.1 255.255.255.252
> ip nat inside
>
> ip nat outside source static network 10.1.0.0 10.2.0.0 255.255.0.0
>
> Or
>
> ip nat inside source static network 10.1.0.0 10.2.0.0 255.255.0.0
>
> So the first example would NAT the traffic from Cloud2 to the new
> addresses of 10.2.0.0/16 when trying to communicate with Cloud1.
>
> In the second example, Cloud1 is NAT'ed to 10.2.0.0/16 when trying to
> communicate with Cloud2. Either would accomplish the same thing.
>
> The only difference between the two is perspective. Am I wanting to
> hide the inside from the outside (inside NAT)? Or am I hiding the
> outside from the inside (outside NAT)?
>
>
> On Sun, Jul 26, 2009 at 6:37 PM, Welly Kamarudin<welly.wewe_at_gmail.com> wrote:
>> Hi Keegan,
>>
>> Based on my study,
>> IP nat inside : is to perform translation for source IP addr in the IP
>> header
>> IP nat outside : is to perform translation for destination IP addr in the IP
>> header
>>
>> So based on your command :
>> ip nat outside source list 12 pool merge
>> -On the packet header that has destination IP addr to 10.1.0.0/16 will be
>> translated to pool merge (11.1.0.1 11.1.255.254)
>> -But there is no translation on the source IP on the header
>>
>> Correct me if I am wrong guys
>>
>> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094837.shtml
>>
>> Welly
>>
>>
>> Blogs and organic groups at http://www.ccie.net
> --
> Tyson Scott - CCIE #13513 R&S and Security
> Technical Instructor - IPexpert, Inc.
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: tscott_at_ipexpert.com
>

Received on Sun Jul 26 2009 - 19:16:59 ART
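
The difference discussed in this thread between a dynamic pool (no overload) and a static network translation, as a simplified Python model. This is an added example, not code from the thread and not a description of IOS internals; the class and method names are hypothetical, and timeouts and ports are ignored.

```python
import ipaddress


class StaticNetworkNat:
    """Prefix-to-prefix mapping: host bits are kept, so lookups work in both directions."""

    def __init__(self, local_net, global_net):
        self.local = ipaddress.ip_network(local_net)
        self.glob = ipaddress.ip_network(global_net)
        if self.local.prefixlen != self.glob.prefixlen:
            raise ValueError("static network NAT needs equal prefix lengths")

    @staticmethod
    def _swap(addr, src, dst):
        addr = ipaddress.ip_address(addr)
        if addr not in src:
            return None  # address is outside the translated network
        offset = int(addr) - int(src.network_address)
        return str(dst.network_address + offset)

    def to_global(self, local_ip):
        return self._swap(local_ip, self.local, self.glob)

    def to_local(self, global_ip):
        return self._swap(global_ip, self.glob, self.local)


class DynamicPoolNat:
    """Pool without overload: a binding exists only after the local host has sent traffic."""

    def __init__(self, first, last):
        self.next = int(ipaddress.ip_address(first))
        self.last = int(ipaddress.ip_address(last))
        self.by_local, self.by_global = {}, {}

    def to_global(self, local_ip):
        if local_ip not in self.by_local:
            if self.next > self.last:
                return None  # pool exhausted
            g = str(ipaddress.ip_address(self.next))
            self.next += 1
            self.by_local[local_ip], self.by_global[g] = g, local_ip
        return self.by_local[local_ip]

    def to_local(self, global_ip):
        # Returns None until some local host has been bound to this pool address.
        return self.by_global.get(global_ip)
```

With the static mapping, a peer can reach 10.2.5.9 at any time and it resolves to 10.1.5.9; with the pool, the reverse lookup fails until the local host has opened a connection.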

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART