[nsp] Poking through NAT
Sorin CONSTANTINESCU
adonay at dumnez.eu.org
Wed Apr 28 01:34:41 EDT 2004
Hi,
You can configure DNAT on that cisco.
https://puck.nether.net/pipermail/cisco-nsp/2003-November/006613.html
--
Sorin CONSTANTINESCU
adonay at dumnez.eu.org
Linux Registered User #222086
Paul van der Zel said:
> On Mon, Apr 26, 2004 at 02:55:45PM -0700, Christopher J. Wolff wrote:
>> Hello,
>>
>> If I have a system behind an inside nat interface, and I want to access
>> that system's private IP from outside an outside nat interface, do I have
>> any other options other than a static nat entry or a GRE tunnel?
>>
>> In other words, is it possible to make a Loopback interface or a
>> subinterface a NAT outside interface which leaves a direct route from
>> the outside to the internal IP's behind the NAT inside?
>>
>> I read about Cisco's "Nat on a Stick" which seems to be headed in the
>> right direction; however, at this point nat on a stick doesn't offer the
>> solution I'm seeking. I suppose that a third option would be to deny the
>> specific private host addresses from the NAT ACL, which eliminates the
>> benefits of DHCP.
>>
>
> not certain of your particular requirements / network setup, however, I
> would set aside a portion of the dhcp scope towards hosts such as these
> that require consistent address allocation, and make this provision in
> your dhcp server accordingly. This way your host would always get the
> same inside IP without forfeiting the benefits of dhcp. If you're using a
> cisco router as dhcp server for e.g.
>
> ip dhcp pool STATICHOST
> host n.n.n.n m.m.m.m
> client-identifier 01xx.xxxx.xxxx.xx
> client-name STATICHOST
> domain-name mydomain.com
> default-router y.y.y.y
> dns-server x.x.x.x z.z.z.z etc
>
> Now the static nat entry and appropriate firewall permissions are all that
> would be required.
>
> hth
>
> --
> Paul
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
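The approach quoted above (a DHCP manual binding, then a static NAT entry and firewall permissions) written out as one IOS configuration. This is an added example, not configuration from the thread: every address, the MAC, the interface names and the ACL name OUTSIDE-IN are constructed, and forwarding only TCP/22 from one management network is an assumption chosen to keep the exposure narrow.

```cisco
! Constructed values: 192.168.10.0/24 inside, 203.0.113.0/24 outside,
! 198.51.100.0/24 as the only network allowed to reach the host.
!
! 1. Manual DHCP binding: the host keeps 192.168.10.50 while still using DHCP.
!    client-identifier is 01 (Ethernet) followed by the MAC 0000.5e00.5301.
ip dhcp pool STATICHOST
 host 192.168.10.50 255.255.255.0
 client-identifier 0100.005e.0053.01
 client-name STATICHOST
 default-router 192.168.10.1
!
! 2. NAT roles on the two interfaces (interface names are assumptions).
interface FastEthernet0/1
 description inside LAN
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0
 description outside
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group OUTSIDE-IN in
!
! 3. Static translation for one service only, instead of a full one-to-one
!    mapping that would expose every port on the inside host.
ip nat inside source static tcp 192.168.10.50 22 203.0.113.50 22
!
! 4. Firewall permissions. The inbound ACL is checked before translation,
!    so it matches the outside (global) address, not 192.168.10.50.
ip access-list extended OUTSIDE-IN
 permit tcp 198.51.100.0 0.0.0.255 host 203.0.113.50 eq 22
 deny   ip any host 203.0.113.50 log
 ! The site's existing inbound policy continues here. With nothing after
 ! these two lines, the implicit deny drops all other inbound traffic,
 ! including replies to inside hosts using dynamic NAT.
```

`show ip dhcp binding` and `show ip nat translations` confirm that the reservation and the static entry are in place.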