Re: NAT Config

From: shiran guez <shiranp3_at_gmail.com>
Date: Wed, 18 Aug 2010 17:14:21 +0300

Your route-map sets access list 101 out of the NAT, so you will not see
10.1.8.8 being translated. If you do want 10.1.8.8 to be translated, switch
your route map to look like:

! This will include acl 101
route-map NAT permit 10
 match ip address 101
! The below will exclude all else
route-map NAT deny 20

On Tue, Aug 17, 2010 at 11:38 PM, Edward John <edwardjohn2020_at_googlemail.com> wrote:

> Hi,
>
> Can anyone please help me on the below NAT issue.. Is there any mistake in
> my NAT config?
>
> !
> route-map NAT deny 10
> match ip address 101
> !
> route-map NAT permit 20
> !
> ip nat pool PUBLIC 34.1.100.2 34.1.100.150 netmask 255.255.255.0
> ip nat inside source route-map NAT interface Loopback8 vrf VPN_A overload
> !
> access-list 101 permit ip host 10.1.8.8 222.22.2.0 0.0.0.255
> access-list 101 permit ip host 10.1.8.8 220.20.3.0 0.0.0.255
> access-list 101 permit ip host 10.1.8.8 10.1.7.0 0.0.0.255
> access-list 101 permit ip host 10.1.8.8 10.1.17.0 0.0.0.255
> access-list 101 permit ip host 10.1.8.8 192.10.1.0 0.0.0.255
> access-list 101 permit ip host 10.1.8.8 205.90.31.0 0.0.0.255
> access-list 101 permit ip 10.1.68.0 0.0.0.255 222.22.2.0 0.0.0.255
> access-list 101 permit ip 10.1.68.0 0.0.0.255 220.20.3.0 0.0.0.255
> access-list 101 permit ip 10.1.68.0 0.0.0.255 10.1.7.0 0.0.0.255
> access-list 101 permit ip 10.1.68.0 0.0.0.255 10.1.17.0 0.0.0.255
> access-list 101 permit ip 10.1.68.0 0.0.0.255 192.10.1.0 0.0.0.255
> access-list 101 permit ip 10.1.68.0 0.0.0.255 205.90.31.0 0.0.0.255
> !
> interface Loopback8
> ip vrf forwarding VPN_A
> ip address 34.1.100.1 255.255.255.0
> !
> interface Ethernet0/0
> description **Connecting to MPLS Core**
> ip address 34.1.0.6 255.255.255.0
> ip router isis
> ip nat outside
> ip virtual-reassembly
> full-duplex
> mpls traffic-eng tunnels
> tag-switching ip
> isis authentication mode md5 level-1
> isis authentication key-chain ISIS level-1
> isis hello-multiplier 5
> isis hello-interval 1
> ip rsvp bandwidth 5000 3000
> !
> interface Ethernet0/1
> description **Connecting to R8;LB-10.1.8.8**
> ip vrf forwarding VPN_A
> ip address 10.1.68.6 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> full-duplex
> !
> Rack1R6#show ip nat translations
> Pro Inside global Inside local Outside local Outside global
> udp 34.1.100.1:526 34.1.0.6:646 224.0.0.2:646 224.0.0.2:646
> tcp 34.1.100.1:179 34.1.6.6:179 34.1.4.4:25195 34.1.4.4:25195
> udp 34.1.100.1:646 34.1.6.6:646 34.1.2.2:646 34.1.2.2:646
> tcp 34.1.100.1:12394 34.1.6.6:12394 34.1.4.4:646 34.1.4.4:646
> tcp 34.1.100.1:13992 34.1.6.6:13992 34.1.2.2:646 34.1.2.2:646
> tcp 34.1.100.1:37723 34.1.6.6:37723 34.1.5.5:646 34.1.5.5:646
> tcp 34.1.100.1:53526 34.1.6.6:53526 34.1.2.2:179 34.1.2.2:179
> Rack1R6#show ip nat translations vr
> Rack1R6#show ip nat translations vrf VPN_A
> Pro Inside global Inside local Outside local Outside global
> udp 34.1.100.1:527 34.1.0.6:646 224.0.0.2:646 224.0.0.2:646
> tcp 34.1.100.1:179 34.1.6.6:179 34.1.4.4:25195 34.1.4.4:25195
> udp 34.1.100.1:646 34.1.6.6:646 34.1.2.2:646 34.1.2.2:646
> tcp 34.1.100.1:12394 34.1.6.6:12394 34.1.4.4:646 34.1.4.4:646
> tcp 34.1.100.1:13992 34.1.6.6:13992 34.1.2.2:646 34.1.2.2:646
> tcp 34.1.100.1:37723 34.1.6.6:37723 34.1.5.5:646 34.1.5.5:646
> tcp 34.1.100.1:53526 34.1.6.6:53526 34.1.2.2:179 34.1.2.2:179
> Rack1R6#
>
> Why am I getting NAT translation in global table here? Also I don't get any
> NAT entries for source-ip 10.1.8.8.
>
> --
>
> *Regards,*
> *John*
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Shiran Guez
MCSE CCNP NCE1 JNCIA-ER CCIE #20572
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3
http://twitter.com/cciep3
Received on Wed Aug 18 2010 - 17:14:21 ART
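
Added example, not part of the original thread and not Cisco code: a small Python model of how the two route-maps above select traffic for NAT, using ACL 101 as posted. It models route-map and ACL selection only (inside/outside interfaces and VRF are not modelled); the function names and the sample flows are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# ACL 101 from the original post as (src, src_wildcard, dst, dst_wildcard).
# "host 10.1.8.8" is the same as 10.1.8.8 with wildcard 0.0.0.0.
DESTS = ["222.22.2.0", "220.20.3.0", "10.1.7.0",
         "10.1.17.0", "192.10.1.0", "205.90.31.0"]
ACL_101 = ([("10.1.8.8", "0.0.0.0", d, "0.0.0.255") for d in DESTS] +
           [("10.1.68.0", "0.0.0.255", d, "0.0.0.255") for d in DESTS])

def acl_permits(acl, src, dst):
    # Every entry in ACL 101 is a permit; anything unmatched hits the implicit deny.
    return any(wc_match(src, s, sw) and wc_match(dst, d, dw)
               for s, sw, d, dw in acl)

def nat_decision(route_map, src, dst):
    # Clauses are checked in sequence order and the first matching clause wins.
    # A clause with no match statement (acl is None) matches every packet.
    for action, acl in route_map:
        if acl is None or acl_permits(acl, src, dst):
            return action == "permit"   # permit = translate, deny = do not
    return False                        # implicit deny at the end of the route-map

ORIGINAL = [("deny", ACL_101), ("permit", None)]    # deny 10 / permit 20
SUGGESTED = [("permit", ACL_101), ("deny", None)]   # permit 10 / deny 20

# Constructed sample flows (src, dst); the last pair appears in the
# "show ip nat translations" output quoted in the thread.
FLOWS = [("10.1.8.8", "222.22.2.5"), ("10.1.68.20", "10.1.7.9"),
         ("10.1.8.8", "198.51.100.7"), ("34.1.6.6", "34.1.2.2")]

def compare(flows):
    return {f: (nat_decision(ORIGINAL, *f), nat_decision(SUGGESTED, *f))
            for f in flows}

if __name__ == "__main__":
    for (src, dst), (orig, sugg) in compare(FLOWS).items():
        print(f"{src:>12} -> {dst:<14} original={orig!s:<5} suggested={sugg}")
```

With the original route-map, everything except the ACL 101 flows is selected for translation; with the suggested one, only the ACL 101 flows are.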
