[c-nsp] NAT and ARP
Amol Sapkal
amolsapkal at gmail.com
Thu Oct 21 21:59:51 EDT 2004
Excuse me for not putting the entire config.
Here is the relevant portion:
!
interface FastEthernet0/0
 description LAN
 ip address 10.10.10.1 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 hold-queue 2048 in
!
interface FastEthernet0/1
 description XXXXXXXX
 ip address 216.x.x.x 255.255.255.252
 ip access-group 120 in
 ip access-group 130 out
 ip nat outside
 ip route-cache flow
 speed 100
 full-duplex
 hold-queue 500 out
end
!
ip nat pool natpool-1 216.80.x.30 216.80.x.254 netmask 255.255.255.0
ip nat inside source list 1 pool natpool-1
router0#sh access-list 1
Standard IP access list 1
    10 permit 10.10.0.0, wildcard bits 0.0.255.255 (21904120 matches)
    20 deny any (512004 matches)
router0#
default route is to fa0/1
Regds,
Amol
On Thu, 21 Oct 2004 08:49:30 -0500, Brian Feeny <signal at shreve.net> wrote:
>
> Well one or all of the following should be really happening:
>
> a) you're using a NAT source list that only specifies truly valid
> networks, not something like "any any".
> b) you are filtering so only valid networks can egress
> c) you are using unicast reverse path checking
>
> Brian
>
> ---------------------------------------------
> Brian Feeny, CCIE #8036, CISSP
> Network Engineer
> ShreveNet Inc.
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
--
Warm Regds,
Amol Sapkal
--------------------------------------------------------------------
An eye for an eye makes the whole world blind
- Mahatma Gandhi
--------------------------------------------------------------------
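The three conditions in the quoted reply (a, b, c) can be checked mechanically against a running-config. The following is an added example, not part of the thread: the function names are hypothetical, the sample config is constructed from the interfaces and ACL shown above, only numbered standard ACLs are handled, and check (b) tests only that a filter is applied, not what the ACL contains.

```python
import re

# Constructed sample in running-config form; ACL 1 restates the "sh access-list 1" output.
SAMPLE = """\
interface FastEthernet0/0
 ip nat inside
!
interface FastEthernet0/1
 ip access-group 130 out
 ip nat outside
!
ip nat inside source list 1 pool natpool-1
access-list 1 permit 10.10.0.0 0.0.255.255
access-list 1 deny any
"""

def parse(config):
    # Returns ({interface: [subcommands]}, [global lines]).
    ifaces, glob, cur = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            ifaces[cur] = []
        elif line.startswith(" ") and cur:
            ifaces[cur].append(line.strip())
        else:
            cur = None
            if line.strip() not in ("", "!"):
                glob.append(line.strip())
    return ifaces, glob

def audit(config):
    ifaces, glob = parse(config)
    findings = []
    # (a) the NAT source list must name real inside networks, not "any"
    for acl in re.findall(r"^ip nat inside source list (\S+)", config, re.M):
        if any(x.startswith(f"access-list {acl} permit any") for x in glob):
            findings.append(f"a: NAT source list {acl} permits any")
    inside = [c for c in ifaces.values() if "ip nat inside" in c]
    outside = [c for c in ifaces.values() if "ip nat outside" in c]
    # (b) presence only: an ACL inbound on the LAN side or outbound on the WAN side
    acl_in = any(re.fullmatch(r"ip access-group \S+ in", x) for c in inside for x in c)
    acl_out = any(re.fullmatch(r"ip access-group \S+ out", x) for c in outside for x in c)
    if not (acl_in or acl_out):
        findings.append("b: no egress filter on the NAT path")
    # (c) unicast RPF ("ip verify unicast ...") on every inside interface
    for name, cmds in ifaces.items():
        if "ip nat inside" in cmds and not any(x.startswith("ip verify unicast") for x in cmds):
            findings.append(f"c: {name} has no unicast RPF check")
    return findings
```

Run against the sample, `audit(SAMPLE)` reports only condition (c), since the posted interface has no `ip verify unicast` line.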