Thank you all for your answers. On Mon, Jan 17, 2011 at 11:28 PM, Dave Blank <[email protected]> wrote:
> Thanks Tyson. I almost posted the same question the other day since I > found > the documentation on NVI less than clear, and I think you've explained the > piece that was confusing me. > > So just to make sure I understand this, "domain based NAT" will translate > anything that starts with (config)# ip nat inside ... *only* on interfaces > configured with (config-if)# ip nat inside and will translate anything that > starts with (config)# ip nat outside ... *only* on interfaces configured > with (config-if)# ip nat outside. > > For NVI, we just use (config)# ip nat source ... and it will translate > anything matching the specifications regardless of direction. > > Also, NVI doesn't work with a route-maps, so if you need to translate a > specific set of source/destination networks or match on something more > complex, you would need to use a route-map and domain based NAT (even > though > it seems be configurable when using NVI): > R8(config)#ip nat source route-map ? > WORD Route-map name > > Any other circumstances you can think of that would require the use NVI vs. > domain-based NAT? Otherwise, seems like NVI would actually be easier as a > general rule. > -Dave > > > On Tue, Jan 18, 2011 at 12:11 AM, Max Pierson <[email protected]> > wrote: > > > I like the new NAT format which I still need to learn a little more about > > it, but I wish Cisco would would make up their mind and stick with it. > > > > Tyson, I know you're aware of the PIX/ASA "access-list permits/denys" we > > mapped to the outside public and not the inside translated IP up until > 8.3. > > WTF .... been that way for years .... but now they decide to change to > the > > logic that I first "thought" I understood to make sense. Now it's all > > reverse of what i've been using the last 5 years. Go figure :) > > > > Anyways, enough ranting for the day. Tyson, thanks for the help earlier. > > > > Regards, > > Max > > > > On Mon, Jan 17, 2011 at 10:02 PM, Tyson Scott <[email protected]> > wrote: > > > > > Also if you click on the vlecture link in Marko's signature I have a > > > vlecture on NAT on ASA and IOS and that should help with this concept > as > > > well I believe. > > > > > > Regards, > > > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > > Mailto: [email protected] > > > Telephone: +1.810.326.1444, ext. 208 > > > Live Assistance, Please visit: www.ipexpert.com/chat > > > eFax: +1.810.454.0130 > > > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on > Demand, > > > Audio Tools, Online Hardware Rental and Classroom Training for the > Cisco > > > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > > > training locations throughout the United States, Europe, South Asia and > > > Australia. Be sure to visit our online communities at > > > www.ipexpert.com/communities and our public website at > www.ipexpert.com > > > > > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[email protected]] On Behalf Of Nilesh Mehta > > > Sent: Monday, January 17, 2011 6:32 PM > > > To: [email protected] > > > Subject: [OSL | CCIE_RS] difference between ip nat enable/ip nat inside > > > > > > I am not sure what is the difference between these two NAT commands. > Can > > > any > > > one help to understand what is difference between ip nat enable and ip > > nat > > > inside/outside command > > > > > > Example:--1 > > > int fa0/0 > > > ip nat inside > > > int s0/0/0 > > > ip nat out > > > ------------- > > > example--2 > > > int fa0/0 > > > ip nat enable > > > int s0/0/0 > > > ip nat enable > > > > > > > > > I know ip nat enable is new method of doing nat and create an NVI > > > interface > > > but my questions is, > > > both commands are same ? can we use vice-versa or there there some > > > situation where you can use only specific one ( I mean ipnat enable or > ip > > > natinside/outside) > > > > > > Thanks > > > > > > Nilesh > > > _______________________________________________ > > > For more information regarding industry leading CCIE Lab training, > please > > > visit www.ipexpert.com > > > > > > _______________________________________________ > > > For more information regarding industry leading CCIE Lab training, > please > > > visit www.ipexpert.com > > > > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
