GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: NAT on a stick posted 05/07/2001
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Chris,
The original question was can you do nat over a single interface?
Johnny Dedon
Senior Staff Consultant
Exodus Professional Services
johnny.dedon@xxxxxxxxxx
www.exodus.net
----- Original Message -----
From: "Martin, Chris" <chris@xxxxxxxxxxxx>
To: "Jeff K." <jeffbk@xxxxxxxxxxxxx>; "'Groupstudy '"
<ccielab@xxxxxxxxxxxxxx>
Sent: Monday, May 07, 2001 2:42 PM
Subject: Re: NAT on a stick


> You can have NAT inside / outside on the same router, not the same
> interface. Sorry for the confusion, sample config below:
>
> ip nat pool test 172.16.131.2 172.16.131.10 netmask 255.255.255.0
>  ip nat inside source list 7 pool test
>
>  ip nat inside source static 10.10.10.1 172.16.131.1
>
>  interface e 0
>  ip address 10.10.10.254 255.255.255.0
>  ip nat inside
>
>  interface s 0
>  ip address 172.16.131.254 255.255.255.0
>  ip nat outside
>
>  access-list 7 deny host 10.10.10.1
>  access-list 7 permit 10.10.10.0 0.0.0.255
>
> ----- Original Message -----
> From: "Jeff K." <jeffbk@xxxxxxxxxxxxx>
> To: "Martin, Chris" <chris@xxxxxxxxxxxx>; "'Groupstudy '"
> <ccielab@xxxxxxxxxxxxxx>
> Sent: Monday, May 07, 2001 12:35 PM
> Subject: Re: NAT on a stick
>
>
> > I am curious how you get this to work.  Is this only on physical
> interfaces
> > that allow for subinterfaces (i.e. fast Ethernet, serial) or on certain
> > hardware platforms because whenever I enter 'ip nat inside' and then 'ip
> nat
> > outside,' the outside overrides the inside statement and the only one
that
> > shows in the config is the 'ip nat outside' (whichever I entered last).
> The
> > previously described 'ugly' solutions of loopbacks and policy routing
> makes
> > sense, but I don't see how you can have a physical interface be setup
for
> > both inside and outside NAT.  I'm just curious to see how this works.
> >
> > Thanks in advance,
> >
> > -Jeff
> > ----- Original Message -----
> > From: "Martin, Chris" <chris@xxxxxxxxxxxx>
> > To: "'Groupstudy '" <ccielab@xxxxxxxxxxxxxx>
> > Sent: Monday, May 07, 2001 12:52 PM
> > Subject: Re: NAT on a stick
> >
> >
> > > Yes its possible to have a nat inside / outside on the same
> > router/interface
> > >
> > > ----- Original Message -----
> > > From: "Padhu (LFG)" <padhu@xxxxxxxxxxxx>
> > > To: "'Price, Jamie'" <JPrice@xxxxxxxxxxx>; "'Johnny Dedon '"
> > > <johnny.dedon@xxxxxxxxxx>; "'Groupstudy '" <ccielab@xxxxxxxxxxxxxx>
> > > Sent: Monday, May 07, 2001 10:20 AM
> > > Subject: NAT on a stick
> > >
> > >
> > > > While we are on this subject, Is it possible to have inside and
> outside
> > on
> > > > the same interface, basically NAT on a stick ?
> > > >
> > > > Cheers,Padhu
> > > >
> > > > -----Original Message-----
> > > > From: Price, Jamie [mailto:JPrice@xxxxxxxxxxx]
> > > > Sent: Sunday, May 06, 2001 10:39 PM
> > > > To: 'Johnny Dedon '; 'Groupstudy '
> > > > Subject: RE: Nat question
> > > >
> > > >
> > > >  I have a few customers that are using a router and CBAC.  They have
> > been
> > > > provided a WAN IP address and a separate IP address range for their
> own
> > > use
> > > > by their ISP.  The intent being that the WAN address goes on the
> > external
> > > > i/f of the router and block is used for the router internal i/f, the
> > > > firewall, and any other devices/statics that require public
addresses.
> > > >
> > > > With the router/CBAC scenario though that configuration can't be
> applied
> > > > being as the internal router i/f is actually on the LAN.  In these
> cases
> > I
> > > > have used the allocated range for NAT while still using the WAN
> address,
> > > > which is a completely different subnet to the allocated block, for
the
> > > > external i/f address.
> > > >
> > > > If that's the sort of scenario you're talking about then yes.....it
> > works
> > > > fine.
> > > >
> > > > Jamie
> > > >
> > > > -----Original Message-----
> > > > From: Johnny Dedon
> > > > To: Groupstudy
> > > > Sent: 5/6/01 4:39 PM
> > > > Subject: Nat question
> > > >
> > > > Can nat be done using a single interface?
> > > > I am asked to do nat to an address range that I don't have any
> > > > interfaces
> > > > belonging to.
> > > >
> > > > Johnny Dedon
> > > > Senior Staff Consultant
> > > > Exodus Professional Services
> > > > johnny.dedon@xxxxxxxxxx
> > > > www.exodus.net
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > > **Please read:http://www.groupstudy.com/list/posting.html
> > > **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab