Re: NAT issue from Maarten Vervoorn on 2010-05-21 (Ccielab archives 05/2010)

From: Maarten Vervoorn <mr.vervoorn_at_gmail.com>
Date: Fri, 21 May 2010 15:12:28 +0200

Yes I have, and if had hadn't it wouldn't work. I forgot to copy this. It
works perfectly I only do not understand why. The route-maps denies
everything. I'm able to ping from the outside routers the NAT adres
10.15.105.12 and it even replies from that Natted addres. Its exactly what I
want. But if I remove the route-map If I ping 10.130.208.211 it will reply
from 10.15.105.12. If I add the route-map it replies with 208.211 and also
replies to 105.12
What does this route-map excactly do here?

interface Loopback1
ip address 10.15.105.1 255.255.255.0
ip nat outside
interface FastEthernet0/0
ip address 10.15.98.1 255.255.255.0
ip nat outside
interface Serial1/0
ip address 10.130.208.254 255.255.255.128
ip nat inside

2010/5/21 Adrian Brayton <abrayton_at_gmail.com>

> Do you have "ip nat inside" "ip nat outside" on your interfaces? I dont see
> it there?
>
>
> On May 21, 2010, at 8:53 AM, Maarten Vervoorn wrote:
>
> > During a lab setup I encounterd on a strange behaviour.
> >
> > Lab setup
> > S0/1 Fa0/0
> > R1--------------R3---------------R5----------R1
> >
> > R3 is a nat router which nat 10.130.208.211 to 105.12
> > I want both addresses to be reachable and synchronous (ping 105.12 and
> > receive a reply from 105.12, ping 208.211 and a receive a reply form
> > 208.211)
> > After some configurations I configurated a route-map with a deny any
> > statement. Both 105.12 and 208.211 are reachable and reply synchronous.
> But
> > I do not know why if I ping 105.12 from R5 or R1 i receive a reply form
> > 105.12 because the route-map has a deny any.
> >
> > Can anyone clarify this?
> >
> > Config R3
> > interface Loopback1
> > ip address 10.15.105.1 255.255.255.0
> > !
> > interface FastEthernet0/0
> > ip address 10.15.98.1 255.255.255.0
> > !
> > interface Serial1/0
> > ip address 10.130.208.254 255.255.255.128
> > !
> > ip nat inside source static 10.130.208.211 10.15.105.12 route-map test
> > !
> > ip access-list standard NAT
> > deny any
> > !
> > logging alarm informational
> > access-list 100 permit icmp any any
> > !
> > route-map test permit 10
> > match ip address NAT
> > !
> > !
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri May 21 2010 - 15:12:28 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART