[c-nsp] NAT on one interface
Collins, Richard (SNL US)
richard.1.collins.ext at nsn.com
Fri Aug 24 18:03:38 EDT 2007
Hi Michael,

I was looking at the Cisco document - Nat on a stick.
I understand you should have the "ip nat inside" on your internal
interface and also the PBR.
The loopback2 will be the "ip nat outside" and not your WAN interface.

For example:

int eth0/0
 ip nat inside
 ip policy route-map NATpolicy

route-map NATpolicy permit 10
 match ip address NATpolicyACL
 set ip next-hop 10.0.224.18

interface Loopback2
 description Virtual NAT interface
 ip address 10.0.224.17 255.255.255.252
 ip nat outside

Rgds,
Rich
____________________________________________________________
>interface Loopback2
> description Virtual NAT interface
> ip address 10.0.224.17 255.255.255.252
> ip nat inside
> ip virtual-reassembly
> ip policy route-map NATpolicy
>
>interface Serial1/0/18:0
> description This is the gateway to external network
> ip address 66.174.183.218 255.255.255.252
> ip nat outside
> ip virtual-reassembly
>
>ip route 166.159.223.192 255.255.255.192 Loopback2
>ip route 166.244.16.128 255.255.255.192 Loopback2
>ip route 198.224.199.152 255.255.255.248 Loopback2
>
>ip nat inside source static 192.168.12.170 198.224.199.153
>
>ip access-list extended NATpolicyACL
> permit ip 192.168.12.0 0.0.0.255 166.159.223.192 0.0.0.63
> permit ip 192.168.12.0 0.0.0.255 166.244.16.128 0.0.0.63
> permit ip 192.168.12.0 0.0.0.255 66.174.183.216 0.0.0.3
>
>route-map NATpolicy permit 10
> match ip address NATpolicyACL
> set ip next-hop 66.174.183.217
>_____________________________________________________________
>
>Doesn't work - route-map shows no hits at all. Any help appreciated.
>
>Thanks,
>Michael Malitsky