  • Cisco Support Forums is in Read Only mode while the site is being migrated.

simple nat help

Unanswered Question
Dec 16th, 2011

Hi all,


Can you please look into my config and say whether the NATting is correct?



int gi 0/0

ip address 10.10.45.1 255.255.255.0

ip nat inside


int  gi 0/1

ip address 99.89.99.99 255.255.255.248

ip nat outside


int gi 0/2

ip address 101.100.188.130 255.255.255.248

ip nat outside


access-list 10 permit 10.10.45.0 0.0.0.255


ip nat inside source list 10 int fa 0/1 overload



or



#ip nat pool XXX <start ip> <end ip> netmask  255.255.255.248

#ip nat inside source list 10 pool XXX overload


Regards

srikanth

Overall Rating: 5 (3 ratings)
viswamin Fri, 12/16/2011 - 05:17
User Badges:
  • Cisco Employee,

Hi Srikanth,


Looks like we have a problem in this command:


ip nat inside source list 10 int fa 0/1 overload


as we don't have fa 0/1 in the shared config, so it should be gi0/1 or gig0/2 instead of fa0/1.


The rest of the configuration looks good to me.


-Vijay

srikanth ath Fri, 12/16/2011 - 05:20

Hi vijay


Thanks for the quick reply. And that's my mistake; fa 0/1 should be gi 0/1.


And can I go with this NAT policy? What's the difference between 1 and 2 below?


1.

access-list 10 permit 10.10.45.0 0.0.0.255


ip nat inside source list 10 int gi 0/1 overload


2.

#ip nat pool XXX <start ip> <end ip> netmask  255.255.255.248

#ip nat inside source list 10 pool XXX overload


Thanks

srikanth

Latchum Naidu Fri, 12/16/2011 - 05:24
User Badges:
  • Blue, 1500 points or more

Hi srikanth,


Some of the fields are incorrect in your config.
See the below config which fits you....


int gi 0/0
ip address 10.10.45.1 255.255.255.0
ip nat inside


int  gi 0/1
ip address 99.89.99.99 255.255.255.248
ip nat outside


int gi 0/2
ip address 101.100.188.130 255.255.255.248
ip nat outside


ip nat inside source route-map nonat interface GigabitEthernet0/1 overload


route-map nonat permit 10
match ip address NONAT


ip access-list extended NONAT
permit ip 10.10.15.0 0.0.0.255 any



Please rate the helpful posts.
Regards,
Naidu.

viswamin Fri, 12/16/2011 - 05:48
User Badges:
  • Cisco Employee,

Hi Naidu.,


I doubt if the above said config works.


You had defined an access list


ip access-list extended NONAT

permit ip 10.10.15.0 0.0.0.255 any


which will match the source address on 10.10.15.0/24 network. This will not have any match.


So the NATting itself will not happen. I guess the ACL should permit 10.10.45.0 instead of 10.10.15.0.


Also, the NAT can be performed with ACLs alone instead of writing a route map, so we cannot claim that the config that Srikanth had is incorrect. It's just another way of matching the IP to NAT.


-Vijay
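
The two mistakes caught in this thread (a NAT rule naming an interface that is not configured, and an ACL that matches no inside subnet) can be checked offline before a config is applied. The script below is an added example, not code from any poster; the function name `lint_nat` is hypothetical, and it assumes full interface names and contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: the thread's interfaces plus the route-map reply's NAT rule and ACL.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 10.10.45.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 99.89.99.99 255.255.255.248
 ip nat outside
ip nat inside source route-map nonat interface GigabitEthernet0/1 overload
route-map nonat permit 10
 match ip address NONAT
ip access-list extended NONAT
 permit ip 10.10.15.0 0.0.0.255 any
"""

def lint_nat(cfg):
    """Flag NAT rules that name an undefined interface or whose ACL permits no
    inside subnet. Assumes full interface names and contiguous wildcard masks."""
    ifaces, inside, acls, rmaps, rules, ctx = {}, [], {}, {}, [], None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            ctx = m[1]  # name of the block being read (interface, ACL or route-map)
            ifaces[ctx] = None
        elif m := re.match(r"(?:ip access-list \S+|route-map) (\S+)", line):
            ctx = m[1]
        elif m := re.match(r"ip nat inside source (?:list|route-map) (\S+) interface (\S+)", line):
            rules.append((m[1], m[2]))
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            ifaces[ctx] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat inside":
            inside.append(ifaces[ctx])
        elif m := re.match(r"match ip address (\S+)$", line):
            rmaps[ctx] = m[1]
        elif m := re.match(r"(?:access-list (\S+) )?permit (?:ip )?([\d.]+) ([\d.]+)", line):
            acls.setdefault(m[1] or ctx, []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    findings = []
    for ref, ifname in rules:
        if ifname not in ifaces:
            findings.append(f"NAT rule uses undefined interface {ifname}")
        nets = acls.get(rmaps.get(ref, ref), [])  # resolve route-map to its ACL
        if not any(n.overlaps(i) for n in nets for i in inside):
            findings.append(f"ACL for {ref} permits no inside subnet")
    return findings

if __name__ == "__main__":
    print(lint_nat(SAMPLE))
```
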

Latchum Naidu Sun, 12/18/2011 - 23:16
User Badges:
  • Blue, 1500 points or more

Hi Vijay,


I just put example numbers, so Srikanth needs to change those numbers according to his requirement.
I knew that NAT can be performed with ACLs; the idea is that route-maps are more flexible than ACLs.
I thought to list what all the fields can be put in a more efficient way.


Hope I'm clear...


Please rate the helpful posts.
Regards,
Naidu.
