05-28-2010 01:25 AM
Hello,
My problem is that I have to use NAT twice in my configuration.
One I used for the VPN, for my VPN client (PAT). The problem is that, because of the pool I assigned to my client, it cannot access the backbone of the company (where I am doing my internship), so they suggested doing NAT a second time to change the address from 192.168.1.2 to another one that belongs to the company, xx.xx.xx.201. My config is roughly like this:
int f 0/0 (client-side interface, the client will have the address 192.168.1.2)
ip add 10.10.10.1 255.255.255
ip nat outside
no shut
exit
int f 0/1
ip nat inside
no shut
exit
ip local pool vpnpool 192.168.1.1 192.168.1.9
ip nat inside source list 111 interface FastEthernet0/0 overload
That is in the VPN config, but for access to the backbone I have to do the reverse:
int f0/0
ip nat inside
int f0/1
ip nat outside
ip nat inside source static 10.10.10.0 xx.xx.xx.0
I don't understand how to do it, especially since the outside and the inside are swapped on the two interfaces.
05-28-2010 01:18 PM
Hi,
Can you post your thread in English?
Thank you,
Federico.
05-29-2010 01:16 AM
Hi,
I hope you understand English.... (And maybe you should really write in English here, it is a world-wide community and others want to understand too)
My little knowledge of French lets me understand this:
You have two interfaces on an IOS router, one configured for
ip nat inside
the other has
ip nat outside
Now you need for your VPN implementation a configuration, where the outside-global is translated to an outside-local?
Two ways to translate outside-global to an outside-local:
Either use the syntax
ip nat outside source
In your case (if I understood you correctly) it could look like:
ip nat outside source static network 10.10.10.0 xx.xx.xx.0 255.255.255.0
Which will translate a machine on the outside with an address 10.10.10.0/24 to something xx.xx.xx.0/24 on your inside.
Or configure policy routing with an action "set ip next hop", which redirects traffic to a loopback interface. This loopback can have a different ip nat configuration than the originating interface, e.g. ip nat inside instead of ip nat outside. It is a rather tricky approach and I do not recommend using it if you don't feel comfortable with policy routing (I have used it only a few times to solve unusual NAT problems).
rgds, MiKa
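Added example, not part of the thread and not Cisco code: a small Python model of the address rewriting that the `ip nat outside source static network 10.10.10.0 xx.xx.xx.0 255.255.255.0` line above performs in each direction. 203.0.113.0/24 stands in for the masked xx.xx.xx.0 network and 198.51.100.20 for an inside host; both are constructed values, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins: the thread masks the real range as xx.xx.xx.0.
OUTSIDE_GLOBAL = ipaddress.ip_network("10.10.10.0/24")   # real outside addresses
OUTSIDE_LOCAL = ipaddress.ip_network("203.0.113.0/24")   # how the inside sees them


def map_network(addr, src_net, dst_net):
    """Map addr from src_net into dst_net one-to-one, keeping the host bits.

    An address outside src_net has no translation entry and is returned as is.
    """
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("static network mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)
    host_bits = int(ip) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))


def translate(packet, arriving_on):
    """Rewrite a (src, dst) pair according to the NAT role of the ingress interface."""
    src, dst = packet
    if arriving_on == "outside":
        # Outside to inside: the source goes from outside global to outside local.
        return (map_network(src, OUTSIDE_GLOBAL, OUTSIDE_LOCAL), dst)
    if arriving_on == "inside":
        # Inside to outside (the reply): the destination is mapped back.
        return (src, map_network(dst, OUTSIDE_LOCAL, OUTSIDE_GLOBAL))
    raise ValueError("arriving_on must be 'outside' or 'inside'")


if __name__ == "__main__":
    inside_host = "198.51.100.20"  # constructed inside address
    request = translate(("10.10.10.7", inside_host), "outside")
    reply = translate((inside_host, request[0]), "inside")
    unmatched = translate(("192.168.1.2", inside_host), "outside")
    print("request seen inside :", request)
    print("reply sent outside  :", reply)
    print("source not in rule  :", unmatched)
```

The last case shows that a source outside 10.10.10.0/24, such as an address from the 192.168.1.x pool, is not matched by this rule and passes through unchanged.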
05-29-2010 05:13 AM
Hi,
My problem is that I have to use NAT two times in the same config: one I used in the VPN for my VPN client (PAT), and the other is when my tunnel is on, I have to change the addresses from the ones taken from the pool of addresses 192.168.1.0 to the address of the backbone of the company, xx.xx.xx.201
10.10.10.0 ----tunnel--->192.168.1.2 192.168.1.9 ---backbone---->xx.xx.xx.201
and I don't know how to do it.
Thanks m.kafka, I'll try it and I'll tell you the result. :) Even though I didn't understand well, I'll try.
06-02-2010 04:16 AM
Hi m.kafka,
Sorry I didn't get back to you before. They told me that they blocked my port using NAC (and I don't understand because I am not familiar with it), so I tried it in Packet Tracer. It didn't work with NAT, so I thought to add this
ip route 192.168.1.0 255.255.255 fastethernet0/0
and it works.
If you have any remarks please tell me. And if you have an example of the solution you gave me
> Either use the syntax
> ip nat outside source
> In your case (if I understood you correctly) it could look like:
> ip nat outside source static network 10.10.10.0 xx.xx.xx.0 255.255.255.0
I would be grateful to you, because I want to try it; it seems interesting.
Thanks again
06-02-2010 05:48 AM
Hi,
If you found a solution that's great.
You say NAC? In that case maybe a NAC appliance... sounds possible.
If the static route helped you I suggest to leave it that way.
Regards,
Mika
06-02-2010 07:02 AM
Hi,
Thanks for your help. So about the example, do you have one so I could try it just in case?
Regards,
salwayasalam