What does using 'extendable' do to an 'ip nat inside source' command?

Answered Question
Feb 8th, 2007

I have had a problem where replacing:

'ip nat inside source static tcp 172.19.7.254 10000 64.91.42.142 10000 extendable'

with:

'ip nat inside source static 172.19.7.254 64.91.42.142'

resolved a problem when the frame size of a ping changed length. The frames stopped being routed.

ahmednaas Thu, 02/08/2007 - 22:17

The extendable keyword allows the translation of a pair of an IP address and a specific port number to a corresponding pair. In your case the pairs are (172.19.7.254, 10000) and (64.91.41.142, 10000). This is useful if you want to offer access to services behind NAT.

e.gienko Fri, 02/09/2007 - 09:45

I understand that I can also 'translate' ports so that outside address/port combinations may be used to select other hosts.

Example:

ip nat inside source static tcp 172.19.7.254 10000 64.91.42.142 10000 extendable
ip nat inside source static tcp 172.19.7.123 80 64.91.42.142 8080 extendable

In this case, I can understand that the router will have multiple translations for one address.

But in the following command, 'extendable' can be used without ports. What does extendable allow here?

=============
ip nat inside source {static {local-ip global-ip} [extendable] [no-alias] [no-payload] [route-map] [redundancy group-name] | interface type name}
=============

Correct Answer
ahmednaas Fri, 02/09/2007 - 10:35

Here is the relevant part from:

http://www.cisco.com/en/US/products/ps6640/products_white_paper09186a0080091cb9.shtml

• "Extendable" static translations:

The extendable keyword allows the user to configure several ambiguous static translations, where ambiguous translations are translations with the same local or global address.

ip nat inside source static extendable

Some customers want to use more than one service provider and translate into each provider's address space. You can use route-maps to base the selection of global address pool on output interface as well as an access-list match. Following is an example:

ip nat pool provider1-space ...
ip nat pool provider2-space ...
ip nat inside source route-map provider1-map pool provider1-space
ip nat inside source route-map provider2-map pool provider2-space
!
route-map provider1-map permit 10
 match ip address 1
 match interface Serial0/0
!
route-map provider2-map permit 10
 match ip address 1
 match interface Serial0/1

Once that is working, they might also want to define static mappings for a particular host using each provider's address space. The software does not allow two static translations with the same local address, though, because it is ambiguous from the inside. The router will accept these static translations and resolve the ambiguity by creating full translations (all addresses and ports) if the static translations are marked as "extendable". For a new outside-to-inside flow, the appropriate static entry will act as a template for a full translation. For a new inside-to-outside flow, the dynamic route-map rules will be used to create a full translation.
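The behaviour quoted above can be traced with a small model. This is an added example, not code from the thread or from Cisco, and it is a simplification rather than the IOS implementation: the class and function names are hypothetical, the addresses are constructed from documentation ranges, and each provider pool is reduced to a single address with ports left unchanged.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Static:
    local: str
    global_ip: str
    extendable: bool

class NatModel:
    """Toy model of the behaviour quoted above; not Cisco IOS code."""

    def __init__(self, pool_by_interface):
        self.pool_by_interface = pool_by_interface  # stands in for the route-map rules
        self.statics = []
        self.full = []  # full translations: (proto, local, lport, global, gport, remote, rport)

    def add_static(self, local, global_ip, extendable=False):
        # Statics sharing a local or global address are ambiguous unless both are extendable.
        for s in self.statics:
            ambiguous = s.local == local or s.global_ip == global_ip
            if ambiguous and not (s.extendable and extendable):
                raise ValueError(f"ambiguous static: {local} <-> {global_ip}")
        self.statics.append(Static(local, global_ip, extendable))

    def outside_to_inside(self, proto, remote, rport, global_ip, gport):
        # The static entry owning the destination global address is the template.
        for s in self.statics:
            if s.global_ip == global_ip:
                entry = (proto, s.local, gport, global_ip, gport, remote, rport)
                self.full.append(entry)
                return entry
        return None  # no static mapping for this global address

    def inside_to_outside(self, proto, local, lport, remote, rport, out_if):
        # The output interface selects the provider address, as the route-maps do.
        global_ip = self.pool_by_interface[out_if]
        entry = (proto, local, lport, global_ip, lport, remote, rport)
        self.full.append(entry)
        return entry

def demo():
    # Constructed sample: one inside host, one static mapping per provider.
    nat = NatModel({"Serial0/0": "192.0.2.100", "Serial0/1": "198.51.100.100"})
    nat.add_static("10.0.0.5", "192.0.2.10", extendable=True)
    nat.add_static("10.0.0.5", "198.51.100.10", extendable=True)
    inbound = nat.outside_to_inside("tcp", "203.0.113.7", 40000, "198.51.100.10", 80)
    outbound = nat.inside_to_outside("tcp", "10.0.0.5", 51000, "203.0.113.7", 443, "Serial0/0")
    return inbound, outbound

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because every full translation records the remote address and port as well, two flows for the same inside host never collide in the table even though the host has two global addresses.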
