05-28-2010 01:25 AM
bonjour,
mon probleme c est que je doit utiliser deux fois le nat dan ma configuration :!: :!:
une j ai utilisé pour le vpn pour mont client vpn(PAT),le problkem c estacause du pool que jai affecter a mon client ne pau pa acceder ai backbon de la société(ou j effectue mon stage) donc ils m ont proposer de faire le nat une autre fois pour changer l addresse de 192.168.1.2 a une autre qui appartien au société xx.xx.xx.201 ma config et un peu pré commes ça
int f 0/0 (interface coté client qui aura l adresse 192.168.1.2)
ip add 10.10.10.1 255.255.255
ip nat [color=#FF0000]outside[/color]no shut
exit
int f 0/1
ip nat [color=#FF0000]inside[/color]no shut
exit
ip local pool vpnpool 192.168.1.1 192.168.1.9
ip nat inside source list 111 interface FastEthernet0/0 overload
dans la confi du vpn mais pour l laccée au backbone je dois faire l inverse
int f0/0
ip nat inside
int f0/1
ip nat [color=#FF4000]outside[/color]
ip nat inside source static 10.10.10.0 xx.xx.xx.0
je comprends pa commen faire et surtout que l outside et l inside se change dans les deux interfaces
05-28-2010 01:18 PM
Hi,
Can you post your threat in english?
Thank you,
Federico.
05-29-2010 01:16 AM
Hi,
I hope you understand english.... (And maybe you should really write in english here, it is a world-wide community and others want to understand too)
My little knowledge of french lets me understand this:
You have two interfaces on a IOS router, one configured for
ip nat inside
the other has
ip nat outside
Now you need for your VPN implementation a configuration, where the outside-global is translated to an outside-local?
Two ways to translate outside-global to an outside-local:
Either use the syntax
ip nat outside source
In your case (if I understood you correclty) it could look like:
ip nat outside source static network 10.10.10.0 xx.xx.xx.0 255.255.255.0
Which will translate a machine on the outside with an address 10.10.10.0/24 to something xx.xx.xx.0/24 on your inside.
Or configure policy routing with an action "set ip next hop", which redirects traffic to a loopback interface. This loopback can have a different ip nat configuration than the originating interface e.g. ip nat inside instead of ip nat outside. It is a rather tricky approach and I do not recommeend to use it if you don't feel comfortable with policy-routing (I have have used it only a few times to solve unusual NAT-problems).
rgds, MiKa
05-29-2010 05:13 AM
hi,
my broblem is that ,i have to use NAt tow times in the same config , one i used in vpn for my vpn
client(pat) and the other is when my tunnel is on i have to change the adresses from the ones taken from the
pool of addresses 192.168.1.0 to the addresse of the bachbon of the company xx.xx.xx.201
10.10.10.0 ----tunnel--->192.168.1.2 192.168.1.9 ---backbone---->xx.xx.xx.201
and i don t know how to do it
thanks m.kafka i ll try it and i ll teel you the result.:) even i didn t understand well but i ll try
06-02-2010 04:16 AM
hi m.kafka,
sorry i didn t get back to you befor they told me that they blocked my port using NAC (and i don't understand because am not familiar withi it ,so i tried it in packet tracer ,it didnt work with nat so i taught to add this
ip route 192.168.1.0 255.255.255 fastethernet0/0
and it work .
if you have any remarks please tell me.and if you have an exemple of the solution you gave me
Header 1 |
---|
Either use the syntax ip nat outside source In your case (if I understood you correclty) it could look like: ip nat outside source static network 10.10.10.0 xx.xx.xx.0 255.255.255.0 |
i would be gratful to you,cause i want to try it seems interesting
thanks again
06-02-2010 05:48 AM
Hi,
if you found a solution that's great.
You say NAC? in that case maybe a NAC-appliance... sounds possible.
If the static route helped you I suggest to leave it that way.
Regards,
Mika
06-02-2010 07:02 AM
HI,
thanks for your help ,so about the exempl ,do you have one so i could try it just in case?
regards,
salwayasalam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide