CONFIGURANDO NAT EN UN ROUTER 2801

Unanswered Question
Sep 30th, 2010

Buenos dias a todos,

(best regard to everybody)


Tenemos un router 2801 y deseamos natear varios segmentos de red.

(we have a 2801 router and we wish to nat many network segments)


Estos segmentos de red los estamos separando con access-list e ingresandolos a un route-map en particular.

(this network segments are being separated with access-list and putted them in an specific route-map).

Luego definimos, un nat pool especifico para cada segmento y luego aplicamos el nateo.

(then we define an specific pool nat for each network segement and then we aplly nat).


Pueden indicarnos, si es permitido usar varios nat pool y varios segmentos a natear y cual es el numero maximo permitido?

(can you tell us if is allowed the use of many nat pool and many network segment and which is the maximum number allowed?)


Adjunto la configuracion (ejemplo) que estamos usando:

(we add the configuration used:)


interface FastEthernet0/0

ip address 10.91.1.1 255.255.0.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.183.200.2 255.255.0.0

ip nat inside

ip policy route-map NO_NAVEGA

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.91.1.2

ip route 10.183.0.0 255.255.0.0 10.183.200.1

!

ip http server

ip nat pool AG_1 10.91.111.1 10.91.111.254 netmask 255.255.255.0

ip nat pool AG_2 10.91.121.1 10.91.121.254 netmask 255.255.255.0

ip nat inside source route-map NAVEGA_AG1 pool AG_1 reversible

ip nat inside source route-map NAVEGA_AG2 pool AG_2 reversible

!

ip access-list extended AG_1

deny   ip 10.183.111.0 0.0.0.255 10.1.0.0 0.0.255.255

deny   ip 10.1.0.0 0.0.255.255 10.183.111.0 0.0.0.255

deny   ip 10.183.111.0 0.0.0.255 10.72.0.0 0.0.255.255

deny   ip 10.72.0.0 0.0.255.255 10.183.111.0 0.0.0.255

permit ip any any

ip access-list extended AG_11

permit ip 10.183.0.0 0.0.0.255 10.1.0.0 0.0.255.255

permit ip 10.1.0.0 0.0.255.255 10.183.0.0 0.0.255.255

permit ip 10.183.0.0 0.0.255.255 10.72.0.0 0.0.255.255

permit ip 10.72.0.0 0.0.255.255 10.183.0.0 0.0.255.255

ip access-list extended AG_2

deny   ip 10.183.121.0 0.0.0.255 10.1.0.0 0.0.255.255

deny   ip 10.1.0.0 0.0.255.255 10.183.121.0 0.0.0.255

deny   ip 10.183.121.0 0.0.0.255 10.72.0.0 0.0.255.255

deny   ip 10.72.0.0 0.0.255.255 10.183.121.0 0.0.0.255

permit ip any any

!

route-map NO_NAVEGA permit 10

match ip address AG_11

set ip next-hop 10.91.1.2

!

route-map NAVEGA_AG2 permit 10

match ip address AG_2

!

route-map NAVEGA_AG1 permit 10

match ip address AG_1

!

!


NOta:

el trafico que no es nateado es separado con el access-list: extended AG_11 y puesto en el route-map: NO_NAVEGA para luego ser enrrutado hacia otro router: 10.91.1.2

(the traffic that is not natted is separated with access-list: extended AG_11 and putted into route-map: NO_NAVEGA and then forwarder to 10.91.1.2.

Thanking you in advance.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

Related Content