[nsp] Cisco NAT for only some outside interfaces?

[David Sinn]

Since the tunnel is on the inside of your network, put a "ip nat inside"
on it.  This will let the router know to not use any translation.
Traffic from "inside" to "inside" interfaces aren't touched by NAT.

I also pretty sure just leaving off the "ip nat inside" command will
work, but I haven't tried it to actually be certain.

David

-----Original Message-----
From: John Vaughan [mailto:jvaughan@agency.com]=20
Sent: Friday, August 02, 2002 11:08 AM
To: cisco-nsp@puck.nether.net
Subject: [nsp] Cisco NAT for only some outside interfaces?




I have a situation which was thrust upon me and I have not got the=20
time/equipment to test it, so I need the benefit of the collective=20
experience.

I have to move my network in a piece and stick it behind someone else's=20
/28. To preserve my network IPs until we get our own connectivity, I'll
be=20
natting on my edge router to the /28 IPs. However, each of my other=20
offices will have a standard gre tunnel interface to the edge router,
and=20
I intend to route all the 'internal' inter-office traffic over the
tunnels.

My question is basically this:

I can appreciate setting the internal interfaces with 'ip nat inside'
and=20
the main outside interface as 'ip nat outside'. However, if I _don't_
put=20
'ip nat outside' on my tunnel interfaces, will it do what I want and not

NAT any traffic that it sends through the tunnels? If not, how do I make

the traffic going to the tunnels not get translated while everything
else=20
going through the main interface does get translated?
I can see that if I have to do something clever, using route-maps would
be=20
the way to go, but I can't see how you'd say "depending on the=20
_destination_ IP/interface, don't translate this traffic".



--=20
John


_______________________________________________
cisco-nsp mailing list  real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/