Re: Excluding a subnet from natting - route-map vs access-list

From: ALL From_NJ <all.from.nj_at_gmail.com>
Date: Sat, 14 May 2011 23:10:59 -0400

Hey Frog,

I hope you are well.

A common one I can think of is that you have the ability to match on interface
w/ route-map. The NAT guide link below has more examples ... a pretty
extensive list.

The OER config guide shows an example of a multi-homed router with two
uplinks: a single inside interface and multiple outside interfaces, each
with NAT overload; the config example uses a different route-map for each NAT
statement.

Thanks for the question, I got a chance to practice my DocCD lookup
skills.

Reference to this route-map question in the NAT guide:
http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv.html#wp1145401

Also, maybe there will be a task that says "configure your nat statements
without referencing an access-list in the nat statement".

--> router(config)# ip nat inside source ?

HTH,

Andrew

On Sat, May 14, 2011 at 9:51 PM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:

> Folks,
> In the scenario below, where I am excluding 192.168.1.0/24 from NAT, in what
> scenario would I use a route-map?
> Noticed, I am not tweaking any metric or anything.
>
> Task# exclude 192.168.1.0/24 from NAT
>
> My understanding is that both solutions will work, but the easier one is
> solution#2 without route-map. Saves time in typing :)
>
> What are your thoughts?
>
> --------------- Solution#1----------------
> ip access-list extended NAT
> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> permit ip any any
>
> route-map POLICY-NAT 10
> match ip address NAT
>
> ip nat source route-map POLICY-NAT interface s0/0 overload
>
> interface f1/0
> ip nat inside
>
> interface s0/0
> ip nat outside
>
> ----------Solution#2---------------
> ip access-list extended NAT
> deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> permit ip any any
>
> ip nat source list NAT interface s0/0 overload
>
> interface f1/0
> ip nat inside
>
> interface s0/0
> ip nat outside
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Andrew Lee Lissitz
all.from.nj_at_gmail.com
Received on Sat May 14 2011 - 23:10:59 ART
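
The multi-homed case mentioned in the reply above, as an added example that is not part of the original thread or taken from the Cisco guide: one inside interface, two uplinks, and a separate route-map per NAT statement so each overload rule applies only to traffic leaving through its own interface. The interface names and the route-map names NAT-ISP1 and NAT-ISP2 are assumptions; the ACL is the one from the question.

```cisco
! Added example. Serial0/0, Serial0/1, FastEthernet1/0, NAT-ISP1 and
! NAT-ISP2 are assumed names, not taken from the thread.
!
! ACL from the question: traffic from 192.168.1.0/24 to 192.168.2.0/24
! hits the deny entry and is left untranslated; everything else is
! eligible for NAT.
ip access-list extended NAT
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip any any
!
! Each route-map matches the same ACL plus the outgoing interface that
! routing selected for the packet. A plain "list NAT" statement cannot
! express the second condition.
route-map NAT-ISP1 permit 10
 match ip address NAT
 match interface Serial0/0
!
route-map NAT-ISP2 permit 10
 match ip address NAT
 match interface Serial0/1
!
! One overload statement per uplink, each tied to its own route-map,
! so the source is translated to the address of the interface the
! packet actually leaves on.
ip nat inside source route-map NAT-ISP1 interface Serial0/0 overload
ip nat inside source route-map NAT-ISP2 interface Serial0/1 overload
!
interface FastEthernet1/0
 ip nat inside
!
interface Serial0/0
 ip nat outside
!
interface Serial0/1
 ip nat outside
```

`show ip nat translations` lists the resulting entries, which lets you confirm that flows matching the deny entry create none.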
