[nsp] NAT question

Ejay Hire ejay.hire at isdn.net
Tue Feb 3 07:17:06 EST 2004 

Nat-on-a-stick is the correct answer.  This can be a very annoying "feature". :)
 
-Ejay
 
-----Original Message----- 
From: cisco-nsp-bounces at puck.nether.net on behalf of Brian Turnbow 
Sent: Tue 2/3/2004 1:57 AM 
To: 'Jay Nakamura'; 'Cisco List' 
Cc: 
Subject: RE: [nsp] NAT question



	you can create a loopback address with ip nat outside and policy route
	twords that interface, in this way nat goes through an "inside and outside"
	interface and will work.
	there is a document on the cisco website that explaions the configuration
	thay call it "nat on a stick"
	
	http://www.cisco.com/en/US/partner/tech/tk648/tk361/technologies_tech_note09
	186a0080094430.shtml
	
	-----Original Message-----
	From: cisco-nsp-bounces at puck.nether.net
	[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Jay Nakamura
	Sent: lunedì 2 febbraio 2004 21.53
	To: Cisco List
	Subject: [nsp] NAT question
	
	
	
	I have a quick question on NAT that I haven't found the answer to.
	
	Let's say I have the following configuration,
	
	interface FastEthernet0/1
	 ip address 10.0.0.2 255.255.255.0
	 ip nat inside
	!
	interface FastEthernet0/2
	 ip address 10.0.1.1 255.255.255.0
	 ip nat outside
	!
	ip nat inside source list 101 interface FastEthernet0/2 overload
	ip nat inside source static tcp 10.0.0.1 80 10.0.10.1 80 extendable
	access-list 101 permit ip 10.0.0.0 0.0.0.255 any
	ip route 0.0.0.0 0.0.0.0 10.0.1.2
	
	Let's say 10.0.0.1 is a web server, 10.0.10.1 has the DNS www.foobar.com
	
	Now, the issue is, the users inside would like to connect to the web server
	at 10.0.0.1 but use www.foobar.com as the address.
	
	Well, that doesn't work from inside the network since www.foobar.com will
	resolve to 10.0.10.1, and NAT gets confused when it hits the router.  (At
	least my test bed router does, running 12.2(17a))
	
	Is there a way to configure NAT so you can get to 10.0.10.1 from the inside
	network?
	
	TIA,
	
	-Jay
	
	_______________________________________________
	cisco-nsp mailing list  cisco-nsp at puck.nether.net
	https://puck.nether.net/mailman/listinfo/cisco-nsp
	archive at http://puck.nether.net/pipermail/cisco-nsp/
	
	_______________________________________________
	cisco-nsp mailing list  cisco-nsp at puck.nether.net
	https://puck.nether.net/mailman/listinfo/cisco-nsp
	archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list