Re: sanity check - NAT [7:410]

2001-04-12 Thread Kirk Bollinger

My .02 cents

I don't think you need the ip nat outside source static - just the inside
static is all that is required.

If overloading I *believe* that it will overload on one IP before using
up the pool so - why not just use a pool of one. Also, best to not let the
static be within the pool range.

If the serial is within the pool range great --  overload on the
interface's IP and the router will arp for the static IP. If not, the
outside device(s) will need a route back to the NAT block.

Hope this Helps.

-kirk






On Thu, 12 Apr 2001, David Chandler wrote:

> Seem to be missing a couple of things.
> 
> 1.  The serial interface is not running IP.
> 2.  Once you NAT the packets and send them on to the next-hop router;
> how does the next-hop router & network know to return the packets to this
> router?
> 
> 
> Assuming that you are using static routes, and the portion of the config
> with the serial IP was left out; it should work fine.
> 
> 
> DaveC
> 
> 
> Irwin Lazar wrote:
> 
> > I need to turn on NAT in a 2500 running Firewall IOS 11.3.  It's been a year
> > since I touched a router, so I wanted to run the config by the group for a
> > sanity check. (addresses have been changed to protect the innocent)
> >
> > Here's what I'm trying to do:
> > NAT pool (legal addresses) 203.181.70.65 to 203.181.70.94 (slash /27)
> >
> > Hosts will get addresses via DHCP in the 192.168.1.0 /24 range
> >
> > The Inside address 192.168.1.11 should statically translate to 203.181.70.91
> > (that is, hosts on the Internet that try to connect to 203.181.70.65 should
> > hit the NAT box, where they are redirected to 192.168.1.11)
> >
> > Here's my config:
> > interface e0
> > ip address 192.168.1.1 255.255.255.0
> > ip nat inside
> > ! defines e0 with IP address and inside NAT interface
> >
> > interface s0
> > ip nat outside
> >
> > ip nat pool overld 203.181.70.65 206.181.70.90 prefix 27
> > ip nat inside source list 7 pool overld overload
> > access-list 7 permit 192.168.1.0 0.0.0.255
> >
> > ip nat outside source static 192.16.1.11 203.181.70.91
> > ip nat inside source static 203.181.70.91 192.16.1.11
> >
> > Before I slap this on my router, will it work as intended?
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=461&t=410
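
Two points raised in this thread (the outside serial interface carries no IP address, and the static's global address is best kept out of the overload pool) can be checked mechanically before a config goes onto a router. The following is an added example, not part of the original posts: `lint_nat` and both sample configs are constructed for illustration, and the s0 address in the fixed variant is an assumption.

```python
import ipaddress

# Constructed sample modelled on the quoted config: the outside interface has
# no IP address and the static global address sits inside the overload pool.
RISKY = """\
interface e0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface s0
 ip nat outside
ip nat pool overld 203.181.70.65 203.181.70.94 prefix-length 27
ip nat inside source list 7 pool overld overload
access-list 7 permit 192.168.1.0 0.0.0.255
ip nat inside source static 192.168.1.11 203.181.70.91
"""
# Same config with both points addressed (the s0 address is an assumption).
FIXED = (RISKY
         .replace(" ip nat outside", " ip address 203.181.70.65 255.255.255.224\n ip nat outside")
         .replace("203.181.70.65 203.181.70.94 prefix", "203.181.70.66 203.181.70.90 prefix"))

def lint_nat(config):
    """Return findings for a Cisco-IOS-style NAT config given as text."""
    ifaces, pools, statics, cur = {}, {}, [], None
    for raw in config.splitlines():
        w = raw.split()
        if len(w) == 2 and w[0] == "interface":
            cur = ifaces.setdefault(w[1], {"ip": None, "nat": None})
        elif cur is not None and len(w) == 4 and w[:2] == ["ip", "address"]:
            cur["ip"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif cur is not None and len(w) == 3 and w[:2] == ["ip", "nat"]:
            cur["nat"] = w[2]  # "inside" or "outside"
        elif len(w) >= 6 and w[:3] == ["ip", "nat", "pool"]:
            pools[w[3]] = (ipaddress.ip_address(w[4]), ipaddress.ip_address(w[5]))
        elif len(w) == 7 and w[:5] == ["ip", "nat", "inside", "source", "static"]:
            # IOS order is: static <inside-local> <inside-global>
            statics.append((ipaddress.ip_address(w[5]), ipaddress.ip_address(w[6])))
    # Check 1: an outside NAT interface that is not running IP.
    findings = [f"{name}: 'ip nat outside' interface has no IP address"
                for name, i in ifaces.items()
                if i["nat"] == "outside" and i["ip"] is None]
    # Check 2: a static inside-global address that overlaps a dynamic pool.
    for local, glob in statics:
        for pname, (start, end) in pools.items():
            if start <= glob <= end:
                findings.append(f"static {local} -> {glob} falls inside pool {pname}")
    return findings
```
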



Re: sanity check - NAT [7:410]

2001-04-12 Thread David Chandler

Seem to be missing a couple of things.

1.  The serial interface is not running IP.
2.  Once you NAT the packets and send them on to the next-hop router;
how does the next-hop router & network know to return the packets to this
router?


Assuming that you are using static routes, and the portion of the config
with the serial IP was left out; it should work fine.


DaveC


Irwin Lazar wrote:

> I need to turn on NAT in a 2500 running Firewall IOS 11.3.  It's been a year
> since I touched a router, so I wanted to run the config by the group for a
> sanity check. (addresses have been changed to protect the innocent)
>
> Here's what I'm trying to do:
> NAT pool (legal addresses) 203.181.70.65 to 203.181.70.94 (slash /27)
>
> Hosts will get addresses via DHCP in the 192.168.1.0 /24 range
>
> The Inside address 192.168.1.11 should statically translate to 203.181.70.91
> (that is, hosts on the Internet that try to connect to 203.181.70.65 should
> hit the NAT box, where they are redirected to 192.168.1.11)
>
> Here's my config:
> interface e0
> ip address 192.168.1.1 255.255.255.0
> ip nat inside
> ! defines e0 with IP address and inside NAT interface
>
> interface s0
> ip nat outside
>
> ip nat pool overld 203.181.70.65 206.181.70.90 prefix 27
> ip nat inside source list 7 pool overld overload
> access-list 7 permit 192.168.1.0 0.0.0.255
>
> ip nat outside source static 192.16.1.11 203.181.70.91
> ip nat inside source static 203.181.70.91 192.16.1.11
>
> Before I slap this on my router, will it work as intended?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=425&t=410



RE: sanity check - NAT [7:410]

2001-04-12 Thread Daniel Cotts

Me thinks that you have already been there.
I don't see an ip address on the S0 interface. Should it be 203.181.70.65 ?
Had to look up "ip nat outside source static". Cisco says " If you use the
ip nat inside command, these packets must originate from the inside. If you
use the ip nat outside command, these packets must originate on the
outside." Looks good.

For those new to the list, Irwin has been a past contributor to this list.
He has given presentations at Networld+Interop. His website www.itprc.com
should be one of the first places that you look if you have a networking
question.

> -Original Message-
> From: Irwin Lazar [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 12, 2001 5:00 PM
> To: [EMAIL PROTECTED]
> Subject: sanity check - NAT [7:410]
> 
> 
> I need to turn on NAT in a 2500 running Firewall IOS 11.3.  It's been a year
> since I touched a router, so I wanted to run the config by the group for a
> sanity check. (addresses have been changed to protect the innocent)
> 
> Here's what I'm trying to do:
> NAT pool (legal addresses) 203.181.70.65 to 203.181.70.94 (slash /27)
> 
> Hosts will get addresses via DHCP in the 192.168.1.0 /24 range
> 
> The Inside address 192.168.1.11 should statically translate to 203.181.70.91
> (that is, hosts on the Internet that try to connect to 203.181.70.65 should
> hit the NAT box, where they are redirected to 192.168.1.11)
> 
> Here's my config:
> interface e0
> ip address 192.168.1.1 255.255.255.0
> ip nat inside
> ! defines e0 with IP address and inside NAT interface
> 
> interface s0
> ip nat outside
> 
> ip nat pool overld 203.181.70.65 206.181.70.90 prefix 27
> ip nat inside source list 7 pool overld overload
> access-list 7 permit 192.168.1.0 0.0.0.255
> 
> ip nat outside source static 192.16.1.11 203.181.70.91
> ip nat inside source static 203.181.70.91 192.16.1.11 
> 
> Before I slap this on my router, will it work as intended?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=419&t=410