You would need to have routing out on the internet that says how to get back to those addresses or what would do is get rid of the nat pool and nat using the Serial interface address.
-----Original Message----- From: James Gosnold [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 9:55 AM To: [EMAIL PROTECTED] Subject: Confused over NAT [7:65926] Dear all, Just having a slight problem getting my head around NAT regarding the example configurations in the study guides I have. access-list 1 permit 10.0.0.1 0.0.0.255 (defines list of addresses) ip nat pool mynatpool 222.2.2.1 222.2.2.254 netmask 255.255.255.0 (defines pool of inside global addresses NAT can replace the SA with) ip nat inside source list 1 pool mynatpool (applies the addresses laid out in the access-list as inside addresses and tells router to replace SA from mynatpool) int eth0 ip address 10.0.0.1 255.255.255.0 ip nat inside (tells NAT that this is where inside addresses come from) int ser0 ip address 133.4.4.1 255.255.255.0 ip nat outside So here is my confusion: If the Ser0 interface is the WAN address (133.4.4.1) and it replaces the inside local address with a SA from mynatpool (222.2.2.1 - 222.2.2.254) then how will the packet get back to the WAN interface? I thought that NAT would replace the inside local address with the address of the WAN interface, not a group of different public ip addresses? How will the packet get back if the SA is from the range 222.2.2.1 - 254 and yet the IP address of the WAN interface is clearly not from this range? Confused from London.... Regards, James. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65931&t=65926 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
