
NAT on a 2610 with three interfaces

Please guys, there must be someone who knows this. I don't need actual config lines, the plain theoretical explanation will do. :) Maybe many of you who will read this will say "why don't you try this and see for yourself" - well the problem is I don't have the third interface YET and I gotta find the solution before it comes into my hands...

I have one inside interface and one outside interface. OK, standard procedure, IP protocol. Now, let's imagine two possibilities.

1) We add a third interface and enable NAT inside. So, we have two insides and one outside. Now, what will happen when I try to send a packet from the third interface (nat inside) to the first interface (nat inside too) and on to the internal network? Is the router clever enough to let the packet go through without translation? And what will happen with the returning packet when it comes back to the router i.e. will the router be confused and try to translate the source address?

2) We add a third interface without any NAT implementation. Is it possible to send the packet from this interface to the internal network (i.e. through the nat inside interface)? Again, what will happen with the packet on the way back? Will the router try to translate it and then toss it away because it isn't on the ACL list for translation?

THANKS A LOT for any suggestion


jmia
Level 7

Hi Bojan - The following is from my reply to your post on the security forum. You did mention that you wanted to implement NAT on 2610.

You are trying to implement NAT on 2610, am I correct? If so, try the following:

Here is an example -

Internal addrs space = 10.10.1.0/24

External addrs space = 172.168.1.0/24

We are going to NAT our internal addrs to external addrs.

Using Dynamic NAT,

>Define the IP addrs pool, remember to leave out 172.168.1.1 as this is the serial 0 interface.

>ip nat pool poolone 172.168.1.2 172.168.1.254 netmask 255.255.255.0

>ip nat inside source list 20 pool poolone

>interface ethernet0

>ip address 10.10.1.1 255.255.255.0

>ip nat inside

>interface serial0

>ip nat outside

Now we need to use an access-list for our pool above, which is used to select which IP addresses can be translated.

>access-list 20 permit 10.10.0.0 0.0.255.255

Hope this helps --

Thanks, you are most kind to post one more message. But, I know about basic NAT procedures and this is not the situation where it can be useful. I was talking about three interfaces and routing between them.

mark-obrien
Level 4

NAT only occurs when traffic goes between an inside interface and an outside interface. So, in your first example of traffic going from one inside interface to another, there is no NAT. Likewise, in your second example, there is no address translation when going from an inside interface to a non-NATed interface.

HTH

Mark
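
A simplified model of the rule Mark describes, run against both scenarios from the question. This is an added example, not part of the original posts and not how IOS is implemented; the interface names e1 and e2 are hypothetical, and the ACL and pool values are taken from jmia's sample config.

```python
import ipaddress

# Constructed topology. "e0" and "s0" mirror jmia's sample config;
# "e1" (a second NAT inside) and "e2" (no NAT at all) are hypothetical
# third interfaces standing in for scenarios 1 and 2 of the question.
ROLES = {"e0": "inside", "e1": "inside", "e2": None, "s0": "outside"}

ACL20 = ("10.10.0.0", "0.0.255.255")  # access-list 20 permit 10.10.0.0 0.0.255.255
POOL = [ipaddress.IPv4Address("172.168.1.2") + i for i in range(253)]  # .2 to .254


def acl_permits(src, acl=ACL20):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    net, wild = (int(ipaddress.IPv4Address(x)) for x in acl)
    care = ~wild & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(src)) & care == net & care


class NatModel:
    def __init__(self):
        self.table = {}          # inside local -> inside global
        self.free = list(POOL)   # unused pool addresses

    def forward(self, in_if, out_if, src, dst):
        """Return the (src, dst) pair as the packet leaves out_if."""
        pair = (ROLES[in_if], ROLES[out_if])
        if pair == ("inside", "outside") and acl_permits(src):
            # Only this crossing creates or uses a source translation.
            if src not in self.table:
                self.table[src] = str(self.free.pop(0))
            return self.table[src], dst
        if pair == ("outside", "inside"):
            # Return traffic: map the inside global back to the inside local.
            for local, glob in self.table.items():
                if glob == dst:
                    return src, local
        return src, dst  # every other interface pair is routed untouched
```

The NAT access list is consulted only on the inside-to-outside crossing, so packets between two inside interfaces, or between an inside interface and a non-NAT interface, never reach it in either direction.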

Great Mark, that's the kind of answer I needed. Does this mean I can have separate ACLs for NAT and for other traffic? And the router will see whether the packet needs translation or not and use the proper ACL?

Thx!

This is a good link about NAT order of operation that should answer questions about how it affects (or doesn't) other things on the same interface.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
