[c-nsp] nat issue......

Metz, E.T. (Eduard) Eduard.Metz at tno.nl
Fri Aug 3 07:22:07 EDT 2007 

this may help:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a
0080093fca.shtml

you don't actually have multiple pools (although maybe some sort of
'null' pool), but in the acl that is referred in the route-map you could
put a deny statement for traffic from 10.100.x.x/22 to a.b.c.d/nn (your
management stations?) followed by a permit for traffic from
10.100.x.x/22 to any destination.

cheers,
	eduard

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of p
> Sent: vrijdag 3 augustus 2007 2:29
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] nat issue......
> 
> 
> Hi all,
> 
> I have a cisco 7200 that's terminating a bunch of DSL customers.
> These customers are on 10.100.x.x/22 space. I'm doing all nat 
> on the router, ip nat inside on the atm interfaces and ip nat 
> outside on my gateway fast0.
> 
> The problem is from the outside the router I can't get to the 
> 10.100.x.x space. When I ping the 10.100.x.x ips I get a 
> reply from one of the nat pool ips, because the packet coming 
> back to me triggers nat as it passed ip nat inside/ip nat 
> outside. ( so I think! )
> 
> I installed another fast ethernet, lets say 1.1.1.2, without 
> a nat outside statement and I added a static host route to my 
> workstation, workstation 2.2.2.2/32 to 1.1.1.1 (other side of fast2).
> 
> In doing this I was thinking that the packets would be coming 
> in on the default interface fast0 and coming out on fast2 (no 
> nat statement) but this doesn't seem to be the case. I also 
> loose connectivity to fast0, can't ping etc, when I add my 
> workstations host route.
> 
> Basically I'm trying to manage the DSL nat block without it 
> triggering the Nat statements when it comes back to me.
> 
> TIA, P.A
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

This e-mail and its contents are subject to the DISCLAIMER at http://www.tno.nl/disclaimer/email.html

More information about the cisco-nsp mailing list