Thanks for your wise words Prince !!!!!
So what does your output of sh ip nat translations look like? Not sure
about the image you are running but definitely I have tested with the
following images and I am positive that you can't have multiple ip nat
inside statements.
Kind regards
Tauseef
mobile: +44 7837209187
On 3 October 2013 18:04, Prince Emirate <begeieia_at_googlemail.com> wrote:
> Tauseef,
>
> Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version
> 15.1(4)M1, RELEASE SOFTWARE (fc1)
> Technical Support: http://www.cisco.com/techsupport
> Copyright (c) 1986-2011 by Cisco Systems, Inc.
>
>
>
> Agreed you may have configured it, but with route-map or just IP NAT
> statement referencing Pool and List...
>
> I strongly suggest you should deep dive and understand the protocol itself
> and its order of operation. Based on experience I have strange issues on
> deployment, but if you boiled down to how each protocol interacts with others
> and its own order of operation.
>
> Well, that being said... it's a journey of attaining your Expert goal and
> truly being one.
>
>
> ABDULLAHI BEGE
> Snr. Network Engineer.
> CCIE# 37630 RnS.
>
>
> On Thu, Oct 3, 2013 at 5:28 PM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>
>> Strange Prince,
>> what image are you using?
>> I tested on Version 12.4(25d), 12.4(13r)T and Version 15.2(4)S4
>> any new ip nat inside statement overrides the previous ones.
>>
>> could you send the output of sh ip nat translations as well and platform
>> / image details
>>
>> Kind regards
>>
>> Tauseef
>> mobile: +44 7837209187
>>
>>
>> On 3 October 2013 16:53, Prince Emirate <begeieia_at_googlemail.com> wrote:
>>
>>> Tauseef,
>>>
>>> I really can't say what deployment scenario you have, but I have a
>>> working solution that references multiple NAT Inside all with overload
>>> command. Also what you should understand with PAT: it's more with Port
>>> number, in scenario where the first Public IP address can still be PAT,
>>> the IOS will continue to use it...
>>> see below the little example...
>>> if you are really interested in load balancing the address... why not use
>>> same example and allocate with Public IP address to certain subnet of your
>>> organization.. using the route-map it definitely will work out.
>>>
>>>
>>> ip nat pool INTERNET 248.255.248.90 248.255.248.90 prefix-length 30
>>> ip nat pool LINK-1 10.0.1.2 10.0.1.2 prefix-length 30
>>> ip nat pool Link-2 10.35.242.118 10.35.242.118 prefix-length 30
>>> !
>>> ip nat inside source route-map LINK pool LINK overload
>>> ip nat inside source route-map INTERNET pool INTERNET overload
>>> ip nat inside source route-map LINK-2 pool LINK-2 overload
>>>
>>> !
>>> route-map LINK permit 10
>>> match ip address WORKS
>>> match interface GigabitEthernet0/2
>>> !
>>> route-map INTERNET permit 10
>>> match ip address WORKS-LAN
>>> match interface GigabitEthernet0/1.10
>>> !
>>> route-map LINK-2 permit 10
>>> match ip address WORKS
>>> match interface GigabitEthernet0/0
>>> !
>>> !
>>> !
>>> ip access-list standard WORKOUT
>>> permit 172.16.21.0 0.0.0.255
>>> !
>>> ip access-list extended WORKOUT-LAN
>>> deny ip any 172.16.0.0 0.0.255.255
>>> permit ip 172.16.21.0 0.0.0.255 any
>>>
>>>
>>> Expert kindly correct me if I'm wrong.
>>>
>>>
>>>
>>>
>>> ABDULLAHI BEGE
>>> Snr. Network Engineer.
>>> CCIE# 37630 RnS.
>>>
>>>
>>> On Thu, Oct 3, 2013 at 11:48 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>>
>>>> Thanks Prince, that's ideally what I want but as previously mentioned in
>>>> 12.4 you can't have 2 <ip nat inside> statements. The concluded config from
>>>> your above config will only be
>>>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload () this
>>>> command will overwrite any previous ip nat inside statement
>>>>
>>>> Secondly, if I nat to a pool with overload it will pat but not load
>>>> balance across all the pool ip address. i.e. it will first pat 65000 ips to
>>>> first ip from pool, then to second ip and so on and so forth.
>>>>
>>>> Kind regards
>>>>
>>>> Tauseef
>>>> mobile: +44 7837209187
>>>>
>>>>
>>>> On 3 October 2013 11:38, Prince Emirate <begeieia_at_googlemail.com> wrote:
>>>>
>>>>> Tauseef,
>>>>>
>>>>> I'm not sure whether this will suffice for your requirement....
>>>>>
>>>>> ip nat pool FIX-ME 204.12.1.1 204.12.1.31 prefix-length 27
>>>>> !
>>>>> ip access-list extended sERVER_TRAFFIC
>>>>> permit ip 155.1.1.0 0.0.0.31 any
>>>>> deny ip any any
>>>>> !
>>>>> ip nat inside source list NAT_TRAFFIC pool FIX-ME
>>>>>
>>>>> ip access-list extended LAN_TRAFFIC
>>>>> permit ip 155.1.1.32 0.0.0.31 any
>>>>> permit ip 155.1.1.64 0.0.0.31 any
>>>>> !
>>>>> !
>>>>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload
>>>>>
>>>>>
>>>>>
>>>>> Expert kindly correct me if I'm wrong.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ABDULLAHI BEGE
>>>>> Snr. Network Engineer.
>>>>> CCIE# 37630 RnS.
>>>>>
>>>>>
>>>>> On Wed, Oct 2, 2013 at 11:46 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
>>>>>
>>>>>> Give an example of what you want. Because it is doable based on
>>>>>> what I've seen so far.
>>>>>>
>>>>>> Regards,
>>>>>> Joe Sanchez
>>>>>>
>>>>>> ( please excuse the brevity of this email as it was sent via a mobile
>>>>>> device. Please excuse misspelled words or sentence structure.)
>>>>>>
>>>>>> On Oct 2, 2013, at 9:28 AM, Tauseef Khan <tasneemjan_at_googlemail.com>
>>>>>> wrote:
>>>>>>
>>>>>> > yes you are right Prince but what I am looking to do is 1-1 nat to a /27
>>>>>> > pool and rest PAT to the Public interface IP address like on ASA, which
>>>>>> > looks not achievable on up to ios 12.4 not sure about 15.x but I will test
>>>>>> > that.
>>>>>> >
>>>>>> > Kind regards
>>>>>> >
>>>>>> > Tauseef
>>>>>> > mobile: +44 7837209187
>>>>>> >
>>>>>> >
>>>>>> > On 2 October 2013 13:49, Prince Emirate <begeieia_at_googlemail.com> wrote:
>>>>>> >
>>>>>> >> In general I think already PAT to the public ip address since it's a /24
>>>>>> >> to 10 public address. That's 65535 open connection from internal to a
>>>>>> >> single public address. Frankly I hardly believe you will exhaust the public
>>>>>> >> address.
>>>>>> >> I have a deployment of 10.0.0.0/8 to a /29 public, and we still reserved
>>>>>> >> some for static NAT.
>>>>>> >>
>>>>>> >> Kindly correct me experts if I'm wrong.
>>>>>> >> On 1 Oct 2013 12:05, "Sadiq Yakasai" <sadiqtanko_at_gmail.com> wrote:
>>>>>> >>
>>>>>> >>> See link below. A lot of examples but none of which is exact to what you
>>>>>> >>> are asking for:
>>>>>> >>>
>>>>>> >>>
>>>>>> >>>
>>>>>> http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/12-4/iadnat-addr-consv.html#GUID-2B90342E-DFEE-4593-A4A9-47A17A657ACC
>>>>>> >>>
>>>>>> >>>
>>>>>> >>>
>>>>>> >>> On Tue, Oct 1, 2013 at 11:44 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>>>>> >>>
>>>>>> >>>> Can you have multiple <ip nat inside> statements? I don't think
>>>>>> >>>>
>>>>>> >>>> Kind regards
>>>>>> >>>>
>>>>>> >>>> Tauseef
>>>>>> >>>> mobile: +44 7837209187
>>>>>> >>>>
>>>>>> >>>>
>>>>>> >>>> On 1 October 2013 11:16, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
>>>>>> >>>>
>>>>>> >>>>> I haven't done NAT on IOS in a while but my first reaction to your query
>>>>>> >>>>> would be, yes.
>>>>>> >>>>>
>>>>>> >>>>> How about creating a second NAT statement for overloading the interface
>>>>>> >>>>> after the first one that references the pool? Of course, you want to test
>>>>>> >>>>> this out! ;-)
>>>>>> >>>>>
>>>>>> >>>>> HTH a bit.
>>>>>> >>>>>
>>>>>> >>>>> Sadiq
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>> On Tue, Oct 1, 2013 at 11:03 AM, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>>>>> >>>>>
>>>>>> >>>>>> Appreciate if someone could clarify. Is it possible to configure NAT and
>>>>>> >>>>>> PAT simultaneously on IOS 12.4x?
>>>>>> >>>>>>
>>>>>> >>>>>> I need to nat the internal /24 to a pool of 10 public IP addresses and rest
>>>>>> >>>>>> to the Public Interface IP address of the router so that when the 10
>>>>>> >>>>>> address pool is exhausted rest of the internal IPs are PATed to Interface
>>>>>> >>>>>> IP address of Router like on ASA firewalls.
>>>>>> >>>>>>
>>>>>> >>>>>>
>>>>>> >>>>>>
>>>>>> >>>>>>
>>>>>> >>>>>> Kind regards
>>>>>> >>>>>>
>>>>>> >>>>>> Tauseef
>>>>>> >>>>>> mobile: +44 7837209187
>>>>>> >>>>>>
>>>>>> >>>>>>
>>>>>> >>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>> >>>
>>>>>> _______________________________________________________________________
>>>>>> >>>>>> Subscription information may be found at:
>>>>>> >>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>> >>>>>
>>>>>> >>>>>
>>>>>> >>>>> --
>>>>>> >>>>> CCIEx2 (R&S|Sec) #19963
>>>>>> >>>
>>>>>> >>>
>>>>>> >>> --
>>>>>> >>> CCIEx2 (R&S|Sec) #19963
>>>>>> >>>
>>>>>> >>>
Received on Fri Oct 04 2013 - 10:03:27 ART
This archive was generated by hypermail 2.2.0 : Fri Nov 01 2013 - 07:35:39 ART
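
As an added example (not part of any message in the thread): the route-map configuration quoted above refers to pool and access-list names that differ from the names it defines, and a reference check like the one below reports such mismatches before a NAT configuration is loaded. The function name `dangling_references` and the regular expressions are this example's own, and names are compared exactly on the assumption that IOS treats them as case-sensitive.

```python
import re

# Lines copied from the route-map example quoted in the thread.
THREAD_CONFIG = """\
ip nat pool INTERNET 248.255.248.90 248.255.248.90 prefix-length 30
ip nat pool LINK-1 10.0.1.2 10.0.1.2 prefix-length 30
ip nat pool Link-2 10.35.242.118 10.35.242.118 prefix-length 30
ip nat inside source route-map LINK pool LINK overload
ip nat inside source route-map INTERNET pool INTERNET overload
ip nat inside source route-map LINK-2 pool LINK-2 overload
route-map LINK permit 10
 match ip address WORKS
route-map INTERNET permit 10
 match ip address WORKS-LAN
route-map LINK-2 permit 10
 match ip address WORKS
ip access-list standard WORKOUT
ip access-list extended WORKOUT-LAN
"""

DEFS = {
    "pool": re.compile(r"^ip nat pool (\S+)"),
    "route-map": re.compile(r"^route-map (\S+) (?:permit|deny)"),
    "acl": re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
}
NAT = re.compile(r"^ip nat inside source (list|route-map) (\S+)(?: pool (\S+))?")
MATCH = re.compile(r"^match ip address (\S+)")  # first ACL name only

def dangling_references(config):
    """Return sorted (kind, name) pairs that are used but never defined."""
    defined = {kind: set() for kind in DEFS}
    used = set()
    for ln in map(str.strip, config.splitlines()):
        for kind, rx in DEFS.items():
            m = rx.match(ln)
            if m:
                defined[kind].add(m.group(1))
        m = NAT.match(ln)
        if m:
            selector, name, pool = m.groups()
            used.add(("acl" if selector == "list" else "route-map", name))
            if pool:
                used.add(("pool", pool))
        m = MATCH.match(ln)
        if m:
            used.add(("acl", m.group(1)))
    # Numbered ACLs (access-list 1 ...) are outside this sketch and skipped.
    return sorted((k, n) for k, n in used if not n.isdigit() and n not in defined[k])
```

Calling `dangling_references(THREAD_CONFIG)` lists the two pools and two access lists that the NAT statements and route-maps point at without a matching definition.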