[c-nsp] NAT configuration

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Oct 10 12:24:33 EDT 2005


Not really sure which problem you want to address. You have two public
addresses and want to share the translations between both addresses? The
problem is that NAT (rather: PAT) configured with a pool will exhaust
all ports of the first address in the pool before using the 2nd one, so
just as Primoz wrote, you will likely end up using the first address for
almost all translations.
Load-sharing between all addresses is a valid request, but currently
there is no real solution.
You might work around this using two pools (each with one address) and
then use route-maps or ACLs to use one pool for some and the other for
other connections (like odd and even src/destination networks, etc.).

	oli

Vikas Sharma <> wrote on Monday, October 10, 2005 1:33 PM:

> Thanks dear, just want to know has anybody implemented this kind of
> setup?? If yes what is the result?
>  :)
> Vikas
> 
>  On 10/10/05, Primoz Jeroncic <jp at softnet.si> wrote:
>> 
>> On Sat, 8 Oct 2005, Vikas Sharma wrote:
>> 
>>> Hey thanks for the reply, but the question is slightly different. I
>>> have two Real IP and One private IP. Can I do this now? I mean to
>>> nat one private IP to two Real IP using "ip nat pool
>>> global-overload" command? 
>>> 
>> 
>> Hi there
>> 
>> Hehe this time it's not my English :P I guess you mistyped before
>> :) Anyway... you can do pool and do global overload on pool but it
>> won't do much. It will work but you will always have only 1 ip in
>> use. But with pool you will have at this moment one ip and other
>> time it can be that it will assign second ip from pool. Probably it
>> won't since first one won't be used so there's huge probability that
>> you will always get assigned only first ip, since there won't be
>> need for second IP. 
>> Hope this helps at least a bit :)
>> 
>> Have fun,
>> Primoz
>> 
>>> 
>>> On 10/8/05, Primoz Jeroncic <jp at softnet.si> wrote:
>>>> 
>>>> On Sat, 8 Oct 2005, Vikas Sharma wrote:
>>>> 
>>>>> Hi,
>>>>> I am configuring NAT. I have two Private IP and one public IP.
>>>>> Can I do natting in this situation (Two private IP overloading to
>>>>> a single real ip)? Can I use global-overload (ip nat pool
>>>>> global-overload 208.1.2.3 208.1.2.4 netmask 255.255.255.0)? If
>>>>> any one have done this configuration, pls share the result.
>>>>> Thanks Vikas
>>>> 
>>>> Sure you can. You have few options (if you have router and not
>>>> PIX). One is to use outside interface for overload, another is to
>>>> create loopback interface and configure it as outside interface
>>>> assigning your public IP to it and use it for overload (it won't
>>>> work if your public IP is from same subnet as outside
>>>> ethernet/serial/...). Another option is to create pool for nat. If
>>>> you have PIX easiest solution is to configure global overload on
>>>> that IP address or just use global overload with outside ethernet
>>>> of PIX. Both ways work fine. If you need exact config let me know
>>>> and I will write those few lines :)  
>>>> 
>>>> Have nice weekend,
>>>> Primoz Jeroncic
>>>> Support - IP Connectivity & Routing
>>>> -------------------------------------------------------------------
>>>> Softnet d.o.o. tel: +386 1 562 31 40 |
>>>> Borovec 2 fax: +386 1 562 18 55 | 1 + 1 = 3
>>>> 1236 Trzin primoz(at)softnet.si | for larger values of 1
>>>> Slovenija http://flea.softnet.si/
>>>> -------------------------------------------------------------------
>>>> 
>>>> 
>>> 
>> 
>> lp,
>> Primoz Jeroncic
>> Support - IP Connectivity & Routing
>> -------------------------------------------------------------------
>> Softnet d.o.o. tel: +386 1 562 31 40 |
>> Borovec 2 fax: +386 1 562 18 55 | 1 + 1 = 3
>> 1236 Trzin primoz(at)softnet.si | for larger values of 1
>> Slovenija http://flea.softnet.si/
>> -------------------------------------------------------------------
>> 
>> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
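
The two-pool workaround described in the reply at the top of this message, written out as an IOS configuration that splits inside hosts by odd/even source address. This is an added example, not part of the original thread: the inside subnet 192.168.1.0/24, the interface names, the pool names and the ACL numbers are assumptions; only the two public addresses and the netmask come from the thread.

```cisco
! Assumed inside LAN: 192.168.1.0/24 (constructed for this example)
interface FastEthernet0/0
 description inside LAN (hypothetical interface name)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description uplink (hypothetical interface name, addressing omitted)
 ip nat outside
!
! One pool per public address, so each address is overloaded on its own
! instead of the second one waiting for the first to run out of ports.
ip nat pool POOL-A 208.1.2.3 208.1.2.3 netmask 255.255.255.0
ip nat pool POOL-B 208.1.2.4 208.1.2.4 netmask 255.255.255.0
!
! Wildcard 0.0.0.254 ignores every bit of the last octet except bit 0,
! so ACL 10 matches even host addresses and ACL 11 matches odd ones.
access-list 10 permit 192.168.1.0 0.0.0.254
access-list 11 permit 192.168.1.1 0.0.0.254
!
! Even sources translate to 208.1.2.3, odd sources to 208.1.2.4.
ip nat inside source list 10 pool POOL-A overload
ip nat inside source list 11 pool POOL-B overload
```

`show ip nat translations` and `show ip nat statistics` list the inside global address each flow received, which confirms whether both pools are actually in use.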


