Re: Friday Follies - IP NAT behaviour [7:15822]

Sun, 12 Aug 2001 22:15:19 -0700 

I'll take a stab.
Going from inside to outside,  Nat takes happens before policy routing.
>From outside to inside,  just the oposite takes place.  Without looking at
the configs, This is the best I can come up with.

Good brain teaser though !!!!

Tony M.
#6172

----- Original Message -----
From: "Chuck Larrieu" 
To: 
Sent: Sunday, August 12, 2001 9:06 PM
Subject: Friday Follies - IP NAT behaviour [7:15822]


> so I'm late. so sue me ;->
>
> last Friday while I was in the office I got to chatting with one of the
> other SE's. He had a problem with his home setup and wanted some help. It
> was an interesting enough problem that I thought some of you CCNA's, some
of
> your CCNP candidates, might enjoy taking a crack at it.
>
> this person has a DSL connection to the internet. He has an single
assigned
> IP address. He is using a Cisco router as his firewall, in this fashion:
>
> internet---DSL_router--Cisco_router--web_server
>                       E0          E1
>
> life is good.
>
> then he starts to fool around with NAT. He puts a private IP on his web
> server, and he runs NAT on the Cisco router. Again, life is good. folks
can
> reach his web server from the net.
>
> but now he wants to telnet from the net ( i.e. from work ) into the Cisco
> router.. He cannot do so. instead he hits his web server, where telnet is
> not running as a service.
>
> so he disables NAT. he configures policy routing, and places the policy
> statement on the correct interface. tries to telnet into the cisco router.
> He can do so. however, now he cannot reach the web server from the net. if
> he enables the http server on the Cisco router, he gets the Cisco router
> login screen from his browser.
>
> now the question is, why? that is, what is the reason that the two
> situations occur? with NAT enabled, he cannot telnet to the router. with
NAT
> disabled, he cannot browse the web server, even with policy routing in
> place.
>
> you may assume that all configurations are correct, both for NAT and for
> policy routing. At least that's what the two CCIE's who joined the
> discussion told us ;->
>
> answers late Monday.
>
> Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15823&t=15822
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to