Re: dynamic NAT and PAT on IOS

From: Prince Emirate <begeieia_at_googlemail.com>
Date: Thu, 3 Oct 2013 18:04:10 +0100

Tauseef,

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.

Agreed, you may have configured it, but with a route-map or just an IP NAT
statement referencing a pool and list...

I strongly suggest you deep-dive and understand the protocol itself and its
order of operation. Based on experience, I have had strange issues on
deployment, but it comes down to how each protocol interacts with the others
and its own order of operation.

Well, that being said... it's a journey of attaining your Expert goal and
truly being one.

ABDULLAHI BEGE
Snr. Network Engineer.
CCIE# 37630 RnS.

On Thu, Oct 3, 2013 at 5:28 PM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:

> Strange, Prince.
> What image are you using?
> I tested on Version 12.4(25d), 12.4(13r)T and Version 15.2(4)S4:
> any new ip nat inside statement overrides the previous ones.
>
> Could you send the output of sh ip nat translations as well, and platform /
> image details?
>
> Kind regards
>
> Tauseef
> mobile: +44 7837209187
>
>
> On 3 October 2013 16:53, Prince Emirate <begeieia_at_googlemail.com> wrote:
>
>> Tauseef,
>>
>> I really can't say what deployment scenario you have, but I have a
>> working solution that references multiple NAT inside statements, all with the
>> overload command. Also, what you should understand with PAT: it's more about
>> the port number; in a scenario where the first public IP address can still be
>> PATed, the IOS will continue to use it...
>> See below the little example...
>> If you are really interested in load balancing the addresses, why not use the
>> same example and allocate each public IP address to a certain subnet of your
>> organization.. using the route-map it definitely will work out.
>>
>>
>> ip nat pool INTERNET 248.255.248.90 248.255.248.90 prefix-length 30
>> ip nat pool LINK-1 10.0.1.2 10.0.1.2 prefix-length 30
>> ip nat pool LINK-2 10.35.242.118 10.35.242.118 prefix-length 30
>> !
>> ip nat inside source route-map LINK pool LINK-1 overload
>> ip nat inside source route-map INTERNET pool INTERNET overload
>> ip nat inside source route-map LINK-2 pool LINK-2 overload
>> !
>> route-map LINK permit 10
>>  match ip address WORKOUT
>>  match interface GigabitEthernet0/2
>> !
>> route-map INTERNET permit 10
>>  match ip address WORKOUT-LAN
>>  match interface GigabitEthernet0/1.10
>> !
>> route-map LINK-2 permit 10
>>  match ip address WORKOUT
>>  match interface GigabitEthernet0/0
>> !
>> ip access-list standard WORKOUT
>>  permit 172.16.21.0 0.0.0.255
>> !
>> ip access-list extended WORKOUT-LAN
>>  deny ip any 172.16.0.0 0.0.255.255
>>  permit ip 172.16.21.0 0.0.0.255 any
>>
>>
>> Experts, kindly correct me if I'm wrong.
>>
>>
>>
>>
>> ABDULLAHI BEGE
>> Snr. Network Engineer.
>> CCIE# 37630 RnS.
>>
>>
>> On Thu, Oct 3, 2013 at 11:48 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>
>>> Thanks Prince, that's ideally what I want, but as previously mentioned, in 12.4
>>> you can't have 2 <ip nat inside> statements. The concluded config from your
>>> above config will only be
>>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload (this
>>> command will overwrite any previous ip nat inside statement).
>>>
>>> Secondly, if I NAT to a pool with overload it will PAT but not load
>>> balance across all the pool IP addresses, i.e. it will first PAT 65000 IPs to the
>>> first IP from the pool, then to the second IP and so on and so forth.
>>>
>>> Kind regards
>>>
>>> Tauseef
>>> mobile: +44 7837209187
>>>
>>>
>>> On 3 October 2013 11:38, Prince Emirate <begeieia_at_googlemail.com> wrote:
>>>
>>>> Tauseef,
>>>>
>>>> I'm not sure whether this will suffice for your requirement....
>>>>
>>>> ip nat pool FIX-ME 204.12.1.1 204.12.1.31 prefix-length 27
>>>> !
>>>> ip access-list extended SERVER_TRAFFIC
>>>>  permit ip 155.1.1.0 0.0.0.31 any
>>>>  deny ip any any
>>>> !
>>>> ip nat inside source list SERVER_TRAFFIC pool FIX-ME
>>>> !
>>>> ip access-list extended LAN_TRAFFIC
>>>>  permit ip 155.1.1.32 0.0.0.31 any
>>>>  permit ip 155.1.1.64 0.0.0.31 any
>>>> !
>>>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload
>>>>
>>>>
>>>>
>>>> Experts, kindly correct me if I'm wrong.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ABDULLAHI BEGE
>>>> Snr. Network Engineer.
>>>> CCIE# 37630 RnS.
>>>>
>>>>
>>>> On Wed, Oct 2, 2013 at 11:46 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
>>>>
>>>>> Give an example of what you want, because it is doable based on what
>>>>> I've seen so far.
>>>>>
>>>>> Regards,
>>>>> Joe Sanchez
>>>>>
>>>>> ( please excuse the brevity of this email as it was sent via a mobile
>>>>> device. Please excuse misspelled words or sentence structure.)
>>>>>
>>>>> On Oct 2, 2013, at 9:28 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>>>>
>>>>> > Yes, you are right Prince, but what I am looking to do is 1-1 NAT to a /27
>>>>> > pool and the rest PAT to the public interface IP address like on ASA, which
>>>>> > looks not achievable on up to IOS 12.4; not sure about 15.x but I will test
>>>>> > that.
>>>>> >
>>>>> > Kind regards
>>>>> >
>>>>> > Tauseef
>>>>> > mobile: +44 7837209187
>>>>> >
>>>>> >
>>>>> > On 2 October 2013 13:49, Prince Emirate <begeieia_at_googlemail.com> wrote:
>>>>> >
>>>>> >> In general I think you already PAT to the public IP address since it's a /24
>>>>> >> to 10 public addresses. That's 65535 open connections from internal to a
>>>>> >> single public address. Frankly, I hardly believe you will exhaust the public
>>>>> >> addresses.
>>>>> >> I have a deployment of 10.0.0.0/8 to a /29 public, and we still reserved
>>>>> >> some for static NAT.
>>>>> >>
>>>>> >> Kindly correct me, experts, if I'm wrong.
>>>>> >> On 1 Oct 2013 12:05, "Sadiq Yakasai" <sadiqtanko_at_gmail.com> wrote:
>>>>> >>
>>>>> >>> See link below. A lot of examples, but none of which is exactly what you
>>>>> >>> are asking for:
>>>>> >>>
>>>>> >>> http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/12-4/iadnat-addr-consv.html#GUID-2B90342E-DFEE-4593-A4A9-47A17A657ACC
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>> On Tue, Oct 1, 2013 at 11:44 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>>>> >>>
>>>>> >>>> Can you have multiple <ip nat inside> statements? I don't think so.
>>>>> >>>>
>>>>> >>>> Kind regards
>>>>> >>>>
>>>>> >>>> Tauseef
>>>>> >>>> mobile: +44 7837209187
>>>>> >>>>
>>>>> >>>>
>>>>> >>>> On 1 October 2013 11:16, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
>>>>> >>>>
>>>>> >>>>> I haven't done NAT on IOS in a while, but my first reaction to your query
>>>>> >>>>> would be, yes.
>>>>> >>>>>
>>>>> >>>>> How about creating a second NAT statement for overloading the interface
>>>>> >>>>> after the first one that references the pool? Of course, you want to test
>>>>> >>>>> this out! ;-)
>>>>> >>>>>
>>>>> >>>>> HTH a bit.
>>>>> >>>>>
>>>>> >>>>> Sadiq
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>> On Tue, Oct 1, 2013 at 11:03 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>>>> >>>>>
>>>>> >>>>>> Appreciate it if someone could clarify. Is it possible to configure NAT and
>>>>> >>>>>> PAT simultaneously on IOS 12.4x?
>>>>> >>>>>>
>>>>> >>>>>> I need to NAT the internal /24 to a pool of 10 public IP addresses and the
>>>>> >>>>>> rest to the public interface IP address of the router, so that when the 10
>>>>> >>>>>> address pool is exhausted the rest of the internal IPs are PATed to the
>>>>> >>>>>> interface IP address of the router, like on ASA firewalls.
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> Kind regards
>>>>> >>>>>>
>>>>> >>>>>> Tauseef
>>>>> >>>>>> mobile: +44 7837209187
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> Blogs and organic groups at http://www.ccie.net
>>>>> >>>>>> _______________________________________________________________________
>>>>> >>>>>> Subscription information may be found at:
>>>>> >>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>> --
>>>>> >>>>> CCIEx2 (R&S|Sec) #19963
>>>>> >>>
>>>>> >>>
>>>>> >>> --
>>>>> >>> CCIEx2 (R&S|Sec) #19963
>>>>> >>>
>>>>> >>>
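The configurations quoted in this thread reference pool and ACL names (for example "pool LINK" and "match ip address WORKS") that are defined under different names elsewhere in the same snippet. IOS compares these names case-sensitively, and a translation rule whose pool, ACL or route-map never matches anything is the kind of mistake that lets inside traffic leave untranslated or be dropped without any obvious error. The following checker is an added example written for this page, not code from any poster; the sample config is a constructed excerpt modelled on the posted one.

```python
import re

# Constructed sample modelled on the config posted in this thread: the pool
# "LINK" and the ACLs "WORKS"/"WORKS-LAN" are referenced but never defined.
SAMPLE_CONFIG = """\
ip nat pool INTERNET 248.255.248.90 248.255.248.90 prefix-length 30
ip nat pool LINK-1 10.0.1.2 10.0.1.2 prefix-length 30
ip nat inside source route-map LINK pool LINK overload
ip nat inside source route-map INTERNET pool INTERNET overload
route-map LINK permit 10
 match ip address WORKS
route-map INTERNET permit 10
 match ip address WORKS-LAN
ip access-list standard WORKOUT
 permit 172.16.21.0 0.0.0.255
ip access-list extended WORKOUT-LAN
 permit ip 172.16.21.0 0.0.0.255 any
"""


def check_nat_refs(config: str) -> list:
    """Return one message per pool/ACL/route-map name that is referenced by a
    NAT statement or route-map but defined nowhere in the config. Names are
    compared case-sensitively, as IOS does."""
    defined = {"pool": set(), "acl": set(), "route-map": set()}
    refs = []  # (kind, name, referencing line)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip nat pool (\S+)", line):
            defined["pool"].add(m.group(1))
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            defined["acl"].add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line):  # numbered ACL
            defined["acl"].add(m.group(1))
        elif m := re.match(r"route-map (\S+) ", line):
            defined["route-map"].add(m.group(1))
        elif line.startswith("ip nat inside source"):
            # A single statement may reference an ACL, a pool and/or a route-map.
            for kind, key in (("acl", "list"), ("pool", "pool"), ("route-map", "route-map")):
                if m := re.search(rf"\b{key} (\S+)", line):
                    refs.append((kind, m.group(1), line))
        elif m := re.match(r"match ip address (\S+)", line):
            refs.append(("acl", m.group(1), line))
    return [f"{kind} '{name}' is referenced but never defined: {src}"
            for kind, name, src in refs if name not in defined[kind]]


if __name__ == "__main__":
    for problem in check_nat_refs(SAMPLE_CONFIG):
        print(problem)
```

Feed it the output of `show running-config` and an empty list means every NAT rule resolves to objects that actually exist; it does not judge whether those objects match the intended traffic.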

Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 03 2013 - 18:04:10 ART

This archive was generated by hypermail 2.2.0 : Fri Nov 01 2013 - 07:35:39 ART