NAT routing - Next Hop is Multiaccess Interface

Unanswered Question
Jul 4th, 2007

Guys,

Have an interesting one (I think)

So, I have the following

------eth1-rtra-eth0------------------eth0-rtrb---------rtrc

subnet 10.0.0.0/24

rtra-eth1 (NAT inside)

rtra-eth0 IP .1 (NAT outside)

rtrb IP .254

rtrc has external network 11.0.0.0

so I have configured destination NAT

ip nat outside source static 11.0.0.100 10.0.0.100 (all my end user hosts point toward an IP of 10.0.0.100, which gets translated to 11.0.0.100)

The destination NAT is within the subnet range.

So, in my routing table I have a route for 10.0.0.100 directly connected via ethernet0 (well, it is actually 10.0.0.0/24 and not a host route)

Question 1.

If there is no static host route for the local NAT address (10.0.0.100) to point towards the rtrb-eth0 .254 address, this will never work. Is this correct?

Because the router will only ever ARP for the host address 10.0.0.100, which does not exist? Correct?

Question 2. NAT Question

The NAT order-of-operation states that going from inside to outside on rtra, routing happens before translation. Can I confirm the order of operation of the packet re-write?

So, packet destined for 10.0.0.100 arrives on inside interface. NOW it is routed to outside interface (which must include L2 packet re-write) correct?

Now the destination of the packet must change to 11.0.0.100. Does this include another packet re-write?

At which point does an ARP request happen to populate the L2 destination MAC address? And if it is a broadcast interface, and not next hop, what does it put in there?

I'm sorry, but this quick question has turned into a whole host of Qs. Sorry!!

Does anyone know and can clarify for me?

Many thx indeed,

Ken

a-vazquez Tue, 07/10/2007 - 10:23

If using NAT on a WAN multi-access interface (with the NIAS component of Border Manager) make sure that a static route is defined in the WAN call for each of the remote networks. This is because only one default route is active at a time in the IP routing table. With multi-access setups, and the possibility of having multiple calls to different destinations at the same time, only one of the interfaces can be the default route. If other calls exist on different interfaces, a static route for the remote networks must be defined.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_configuration_guide_chapter09186a00801d7f7d.html#wp1049049
