""Doug S"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The way PAT works when overloading multiple addresses is to overload the > first address in the pool until ALL port numbers are used up. I can't point > you to any publicly available documentation on this, but cut and pasted from > Network Academy curriculum: > > "However, on a Cisco IOS router, NAT will > overload the first address in the pool until > it's maxed out, and then move on to the > second address, and so on."
I don't think so. I think whoever put this into Cisco training materials ought to be named and publicly humiliated. I know from cold hard experience that if you have a pool with several addresses and overload configured, each addres in the pool is translated one to one, and then the last number is shared among all comers after that. isn't there any real technical review of the training materials? > > I've seen people wanting to get around this behavior for a variety of > reasons and I haven't seen anyone post a good reply. I've come up with a a > workaround that I beleive should work for you, although you'll have to take > a good look at your inside local addresses and figure out how to best define > those in to two equal groups. Each group could then be separately > translated to a different address. > > For instance, if you are now transating 8000 inside addresses all in the > range of 10.0.32.0/19 to one overloaded pool, you could configure it to > translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate > overloaded pool something like > > #access-list 1 permit 10.0.32.0 0.0.15.255 > #access-list 2 permit 10.0.48.0 0.0.15.255 > #ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24 > #ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre > 24 > #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload > #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload > > Forgive me if I've screwed up the syntax somewhere, but the idea is there. > As I said, you'll have to put some thought into what best works in your > addressing scheme to best separate translated addresses in to two roughly > equal groups. You might even find it helpful to partition them in to more > than two groups. > > Hope it helps. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60819&t=60663 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
