[nsp] Poking through NAT

Christopher J. Wolff chris at bblabs.com
Mon Apr 26 17:55:45 EDT 2004


Hello,

If I have a system behind an inside nat interface, and I want to access that
system's private IP from outside an outside nat interface, do I have any
other options other than a static nat entry or a GRE tunnel?

In other words, is it possible to make a Loopback interface or a
subinterface a NAT outside interface which leaves a direct route from the
outside to the internal IP's behind the NAT inside?

I read about Cisco's "Nat on a Stick" which seems to be headed in the right
direction; however, at this point nat on a stick doesn't offer the solution
I'm seeking.  I suppose that a third option would be to deny the specific
private host addresses from the NAT ACL, which eliminates the benefits of
DHCP.

Thank you for your assistance,
C.




More information about the cisco-nsp mailing list