hi Prince, you were right,
I have changed the ios version to Version 12.4(15)T14 and now I can doe
interface pat overload and nat pool. for some reason it doesn't work
with Version 12.4(25d)
thanks for the help.
Kind regards
Tauseef
mobile: +44 7837209187
On 4 October 2013 10:03, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
> Thanks for your wise words Prince !!!!!
> So what does your output of sh ip nat translations look like. Not sure
> about the image you are running but definitely i have tested with the
> following images and I am positive that you can't have multiple ip nat
> inside statements.
>
> Kind regards
>
> Tauseef
> mobile: +44 7837209187
>
>
> On 3 October 2013 18:04, Prince Emirate <begeieia_at_googlemail.com> wrote:
>
>> Tauseef,
>>
>> Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version
>> 15.1(4)M1, REL
>> EASE SOFTWARE (fc1)
>> Technical Support: http://www.cisco.com/techsupport
>> Copyright (c) 1986-2011 by Cisco Systems, Inc.
>>
>>
>>
>> Agreed you may have configured it, but with route-map or just IP NAT
>> statement referencing Pool and List...
>>
>> I strongly suggest you should deepdive and understand the protocols its
>> self and its order of operation. Base on experience i have strange issue on
>> deployment, but if you boiled down to how each protocol interact with other
>> and its own order of Operation.
>>
>> Well that been said... its a journey of attaining your Expert goal and
>> truly being one.
>>
>>
>> ABDULLAHI BEGE
>> Snr. Network Engineer.
>> CCIE# 37630 RnS.
>>
>>
>> On Thu, Oct 3, 2013 at 5:28 PM, Tauseef Khan <tasneemjan_at_googlemail.com>wrote:
>>
>>> Strange Prince,
>>> what image are you using
>>> i tested on Version 12.4(25d) , 12.4(13r)T and Version 15.2(4)S4
>>> any new ip nat inside statement overrides the the previous ones.
>>>
>>> could you send the output of sh ip nat translations as well and platform
>>> / image details
>>>
>>> Kind regards
>>>
>>> Tauseef
>>> mobile: +44 7837209187
>>>
>>>
>>> On 3 October 2013 16:53, Prince Emirate <begeieia_at_googlemail.com> wrote:
>>>
>>>> Tauseef,
>>>>
>>>> I Really cant say what deployment scenario you have, but I have a
>>>> working solution that reference multiple NAT Inside all with overload
>>>> command, also what you should understand with PAT ; its more with Port
>>>> number, in scenario where the first Public IP address can still be PAT,
>>>> the IOS will continue to used...
>>>> see below the little example...
>>>> if you really interested in load balancing the address... why not used
>>>> same example and allocate with Public IP address to certain subnet of your
>>>> organization.. using the route-map it definitely will work out.
>>>>
>>>>
>>>> ip nat pool INTERNET 248.255.248.90 248.255.248.90 prefix-length 30
>>>> ip nat pool LINK-1 10.0.1.2 10.0.1.2 prefix-length 30
>>>> ip nat pool Link-2 10.35.242.118 10.35.242.118 prefix-length 30
>>>> !
>>>> ip nat inside source route-map LINK pool LINK overload
>>>> ip nat inside source route-map INTERNET pool INTERNET overload
>>>> ip nat inside source route-map LINK-2 pool LINK-2 overload
>>>>
>>>> !
>>>> route-map LINK permit 10
>>>> match ip address WORKS
>>>> match interface GigabitEthernet0/2
>>>> !
>>>> route-map INTERNET permit 10
>>>> match ip address WORKS-LAN
>>>> match interface GigabitEthernet0/1.10
>>>> !
>>>> route-map LINK-2 permit 10
>>>> match ip address WORKS
>>>> match interface GigabitEthernet0/0
>>>> !
>>>> !
>>>> !
>>>> ip access-list standard WORKOUT
>>>> permit 172.16.21.0 0.0.0.255
>>>> !
>>>> ip access-list extended WORKOUT-LAN
>>>> deny ip any 172.16.0.0 0.0.255.255
>>>> permit ip 172.16.21.0 0.0.0.255 any
>>>>
>>>>
>>>> Expert kindly correct me if im wrong.
>>>>
>>>>
>>>>
>>>>
>>>> ABDULLAHI BEGE
>>>> Snr. Network Engineer.
>>>> CCIE# 37630 RnS.
>>>>
>>>>
>>>> On Thu, Oct 3, 2013 at 11:48 AM, Tauseef Khan <
>>>> tasneemjan_at_googlemail.com> wrote:
>>>>
>>>>> thanks Prince, That's ideally I want but as previously mentioned in
>>>>> 12.4 you can't have 2 <ip nat inside> statements. The concluded config form
>>>>> your above config will only be
>>>>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload () this
>>>>> command will overwrite any previous ip nat inside staement
>>>>>
>>>>> secondly, if I nat to a pool with overlaod it will pat but not load
>>>>> balance across all the pool ip address. ie it will first pat 65000 ips to
>>>>> first ip from pool, then to second ip and so on and so forth.
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Tauseef
>>>>> mobile: +44 7837209187
>>>>>
>>>>>
>>>>> On 3 October 2013 11:38, Prince Emirate <begeieia_at_googlemail.com>wrote:
>>>>>
>>>>>> Tauseef,
>>>>>>
>>>>>> I'm not sure the whether this will suffice your requirement....
>>>>>>
>>>>>> ip nat pool FIX-ME 204.12.1.1 204.12.1.31 prefix-length 27
>>>>>> !
>>>>>> ip access-list extended sERVER_TRAFFIC
>>>>>> permit ip 155.1.1.0 0.0.0.31 any
>>>>>> deny ip any any
>>>>>> !
>>>>>> ip nat inside source list NAT_TRAFFIC pool FIX-ME
>>>>>>
>>>>>> access-l extended LAN_TRAFFIC
>>>>>> permit ip 155.1.1.32 0.0.0.31
>>>>>> permit ip 155.1.1.64 0.0.0.31
>>>>>> !
>>>>>> !
>>>>>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload
>>>>>>
>>>>>>
>>>>>>
>>>>>> Expert Kindly correct me if i'm wrong.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ABDULLAHI BEGE
>>>>>> Snr. Network Engineer.
>>>>>> CCIE# 37630 RnS.
>>>>>>
>>>>>>
>>>>>> On Wed, Oct 2, 2013 at 11:46 PM, Joe Sanchez <marco207p_at_gmail.com>wrote:
>>>>>>
>>>>>>> Give and example of what you want . Because it is doable based on
>>>>>>> what I've seen so far.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Joe Sanchez
>>>>>>>
>>>>>>> ( please excuse the brevity of this email as it was sent via a
>>>>>>> mobile device. Please excuse misspelled words or sentence structure.)
>>>>>>>
>>>>>>> On Oct 2, 2013, at 9:28 AM, Tauseef Khan <tasneemjan_at_googlemail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> > yes you are right Prince but what I am looking to do is 1-1 nat to
>>>>>>> a /27
>>>>>>> > pool and rest PAT to the Public interface IP address like on ASA,
>>>>>>> which
>>>>>>> > looks not achievable on up to ios 12.4 not sure about 15.x but I
>>>>>>> will test
>>>>>>> > that.
>>>>>>> >
>>>>>>> > Kind regards
>>>>>>> >
>>>>>>> > Tauseef
>>>>>>> > mobile: +44 7837209187
>>>>>>> >
>>>>>>> >
>>>>>>> > On 2 October 2013 13:49, Prince Emirate <begeieia_at_googlemail.com>
>>>>>>> wrote:
>>>>>>> >
>>>>>>> >> In general i think already PAT to the public ip address since
>>>>>>> it's a /24
>>>>>>> >> to 10 public address. Thats 65535 open connection from internal
>>>>>>> to a
>>>>>>> >> single public address. Frankly I hard believe u will exhaust the
>>>>>>> public
>>>>>>> >> address.
>>>>>>> >> I have a deployment of 10.0.0.0/8 to a /29 public, nd we still
>>>>>>> reserved
>>>>>>> >> sm for static NAT.
>>>>>>> >>
>>>>>>> >> Kindly correct me experts if im wrong.
>>>>>>> >> On 1 Oct 2013 12:05, "Sadiq Yakasai" <sadiqtanko_at_gmail.com>
>>>>>>> wrote:
>>>>>>> >>
>>>>>>> >>> See link below. Alot of examples but none of which is exact to
>>>>>>> what you
>>>>>>> >>> are
>>>>>>> >>> asking for:
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/12-4/iadnat-addr-consv.html#GUID-2B90342E-DFEE-4593-A4A9-47A17A657ACC
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> >>> On Tue, Oct 1, 2013 at 11:44 AM, Tauseef Khan <
>>>>>>> tasneemjan_at_googlemail.com
>>>>>>> >>>> wrote:
>>>>>>> >>>
>>>>>>> >>>> Can you have multiple <ip nat inside> statements? i don't think
>>>>>>> >>>>
>>>>>>> >>>> Kind regards
>>>>>>> >>>>
>>>>>>> >>>> Tauseef
>>>>>>> >>>> mobile: +44 7837209187
>>>>>>> >>>>
>>>>>>> >>>>
>>>>>>> >>>> On 1 October 2013 11:16, Sadiq Yakasai <sadiqtanko_at_gmail.com>
>>>>>>> wrote:
>>>>>>> >>>>
>>>>>>> >>>>> I havent done NAT on IOS in a while but my first reaction to
>>>>>>> your query
>>>>>>> >>>>> would be, yes.
>>>>>>> >>>>>
>>>>>>> >>>>> How about creating a second NAT statement for overloading the
>>>>>>> interface
>>>>>>> >>>>> after the first one that references the pool? Of course, you
>>>>>>> want to
>>>>>>> >>> test
>>>>>>> >>>>> this out! ;-)
>>>>>>> >>>>>
>>>>>>> >>>>> HTH a bit.
>>>>>>> >>>>>
>>>>>>> >>>>> Sadiq
>>>>>>> >>>>>
>>>>>>> >>>>>
>>>>>>> >>>>> On Tue, Oct 1, 2013 at 11:03 AM, Tauseef Khan <
>>>>>>> >>> tasneemjan_at_googlemail.com>wrote:
>>>>>>> >>>>>
>>>>>>> >>>>>> Appreciate if some one could clarify. Is it possible to
>>>>>>> configure NAT
>>>>>>> >>> and
>>>>>>> >>>>>> PAT similtuneously on IOS 12.4x
>>>>>>> >>>>>>
>>>>>>> >>>>>> I need to nat the internal /24 to a pool of 10 public IP
>>>>>>> addresses and
>>>>>>> >>>>>> rest
>>>>>>> >>>>>> to the Public Interface IP address of the router so that when
>>>>>>> the 10
>>>>>>> >>>>>> address pool is exhausted rest of the internal IPs are pated
>>>>>>> to
>>>>>>> >>> Interface
>>>>>>> >>>>>> IP address of Router like on ASA firewalls.
>>>>>>> >>>>>>
>>>>>>> >>>>>>
>>>>>>> >>>>>>
>>>>>>> >>>>>>
>>>>>>> >>>>>> Kind regards
>>>>>>> >>>>>>
>>>>>>> >>>>>> Tauseef
>>>>>>> >>>>>> mobile: +44 7837209187
>>>>>>> >>>>>>
>>>>>>> >>>>>>
>>>>>>> >>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>> >>>
>>>>>>> _______________________________________________________________________
>>>>>>> >>>>>> Subscription information may be found at:
>>>>>>> >>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>> >>>>>
>>>>>>> >>>>>
>>>>>>> >>>>> --
>>>>>>> >>>>> CCIEx2 (R&S|Sec) #19963
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> >>> --
>>>>>>> >>> CCIEx2 (R&S|Sec) #19963
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> >>> Blogs and organic groups at http://www.ccie.net
>>>>>>> >>>
>>>>>>> >>>
>>>>>>> _______________________________________________________________________
>>>>>>> >>> Subscription information may be found at:
>>>>>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>> >
>>>>>>> >
>>>>>>> > Blogs and organic groups at http://www.ccie.net
>>>>>>> >
>>>>>>> >
>>>>>>> _______________________________________________________________________
>>>>>>> > Subscription information may be found at:
>>>>>>> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue Oct 08 2013 - 14:57:29 ART
This archive was generated by hypermail 2.2.0 : Fri Nov 01 2013 - 07:35:39 ART