NAT Config from Edward John on 2010-08-17 (Ccielab archives 08/2010)

From: Edward John <edwardjohn2020_at_googlemail.com>
Date: Tue, 17 Aug 2010 23:38:43 +0300

Hi,

Can anyone please help me on the below NAT issue.. Is there any mistake in
my NAT config?

!
route-map NAT deny 10
match ip address 101
!
route-map NAT permit 20
!
ip nat pool PUBLIC 34.1.100.2 34.1.100.150 netmask 255.255.255.0
ip nat inside source route-map NAT interface Loopback8 vrf VPN_A overload
!
access-list 101 permit ip host 10.1.8.8 222.22.2.0 0.0.0.255
access-list 101 permit ip host 10.1.8.8 220.20.3.0 0.0.0.255
access-list 101 permit ip host 10.1.8.8 10.1.7.0 0.0.0.255
access-list 101 permit ip host 10.1.8.8 10.1.17.0 0.0.0.255
access-list 101 permit ip host 10.1.8.8 192.10.1.0 0.0.0.255
access-list 101 permit ip host 10.1.8.8 205.90.31.0 0.0.0.255
access-list 101 permit ip 10.1.68.0 0.0.0.255 222.22.2.0 0.0.0.255
access-list 101 permit ip 10.1.68.0 0.0.0.255 220.20.3.0 0.0.0.255
access-list 101 permit ip 10.1.68.0 0.0.0.255 10.1.7.0 0.0.0.255
access-list 101 permit ip 10.1.68.0 0.0.0.255 10.1.17.0 0.0.0.255
access-list 101 permit ip 10.1.68.0 0.0.0.255 192.10.1.0 0.0.0.255
access-list 101 permit ip 10.1.68.0 0.0.0.255 205.90.31.0 0.0.0.255
!
interface Loopback8
ip vrf forwarding VPN_A
ip address 34.1.100.1 255.255.255.0
!
interface Ethernet0/0
description **Connecting to MPLS Core**
ip address 34.1.0.6 255.255.255.0
ip router isis
ip nat outside
ip virtual-reassembly
full-duplex
mpls traffic-eng tunnels
tag-switching ip
isis authentication mode md5 level-1
isis authentication key-chain ISIS level-1
isis hello-multiplier 5
isis hello-interval 1
ip rsvp bandwidth 5000 3000
!
interface Ethernet0/1
description **Connecting to R8;LB-10.1.8.8**
ip vrf forwarding VPN_A
ip address 10.1.68.6 255.255.255.0
ip nat inside
ip virtual-reassembly
full-duplex
!
Rack1R6#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 34.1.100.1:526 34.1.0.6:646 224.0.0.2:646 224.0.0.2:646
tcp 34.1.100.1:179 34.1.6.6:179 34.1.4.4:25195 34.1.4.4:25195
udp 34.1.100.1:646 34.1.6.6:646 34.1.2.2:646 34.1.2.2:646
tcp 34.1.100.1:12394 34.1.6.6:12394 34.1.4.4:646 34.1.4.4:646
tcp 34.1.100.1:13992 34.1.6.6:13992 34.1.2.2:646 34.1.2.2:646
tcp 34.1.100.1:37723 34.1.6.6:37723 34.1.5.5:646 34.1.5.5:646
tcp 34.1.100.1:53526 34.1.6.6:53526 34.1.2.2:179 34.1.2.2:179
Rack1R6#show ip nat translations vr
Rack1R6#show ip nat translations vrf VPN_A
Pro Inside global Inside local Outside local Outside global
udp 34.1.100.1:527 34.1.0.6:646 224.0.0.2:646 224.0.0.2:646
tcp 34.1.100.1:179 34.1.6.6:179 34.1.4.4:25195 34.1.4.4:25195
udp 34.1.100.1:646 34.1.6.6:646 34.1.2.2:646 34.1.2.2:646
tcp 34.1.100.1:12394 34.1.6.6:12394 34.1.4.4:646 34.1.4.4:646
tcp 34.1.100.1:13992 34.1.6.6:13992 34.1.2.2:646 34.1.2.2:646
tcp 34.1.100.1:37723 34.1.6.6:37723 34.1.5.5:646 34.1.5.5:646
tcp 34.1.100.1:53526 34.1.6.6:53526 34.1.2.2:179 34.1.2.2:179
Rack1R6#

Why am I getting NAT translation in global table here? Also I don't get any
NAT entries for source-ip 10.1.8.8.

-- 
*Regards,*
*John*
Blogs and organic groups at http://www.ccie.net

Received on Tue Aug 17 2010 - 23:38:43 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART