[c-nsp] IOS NAT, translating source into IP not included in routing table
Dale Shaw
dale.shaw+cisco-nsp at gmail.com
Wed Nov 21 17:39:42 EST 2007
Hi,
My Google-fu is failing me..
Scenario:
FastEthernet0 (NAT inside), IP 10.20.20.1/24
Tunnel1 (NAT outside), IP 172.16.0.1/24
DMVPN environment with EIGRP
Performing static source address translation from hosts in
10.20.20.0/24 to 192.168.20.x
interface FastEthernet0
 ip address 10.20.20.1 255.255.255.0
 ip nat inside
 no ip redirects
 no ip proxy-arp
!
interface Tunnel1
 ip address 172.16.0.1 255.255.255.0
 ip nat outside
 no ip redirects
 no ip proxy-arp
!
interface Loopback0
 ip address 10.63.6.100 255.255.255.255
!
router eigrp 10
 redistribute static
 passive-interface default
 no passive-interface Tunnel1
 network 10.63.6.0 0.0.0.255
 network 172.16.0.0 0.0.0.255
 no auto-summary
!
ip nat inside source static 10.20.20.50 192.168.20.5
ip nat inside source static 10.20.20.51 192.168.20.6
ip nat inside source static 10.20.20.52 192.168.20.7
ip nat inside source static 10.20.20.53 192.168.20.8
[...] etc etc
The router will happily translate 10.20.20.50 etc. into any arbitrary
IP, as per the "ip nat inside .." command, but return traffic is
unrouteable because there is no routing table entry for 192.168.20.5
in other routers in the AS.
At present, I'm adding and redistributing a static host route like so:
ip route 192.168.20.5 255.255.255.255 FastEthernet0 10.20.20.2
..And as expected, 192.168.20.5/32 appears in the routing table and
packets know how to come back to this router.
It's a bit ugly/counter-intuitive though, don't you think? Is there a
more elegant way? (perhaps specifying Null0 in the static route would
be nicer)
I have a mix of 12.3 and 12.4 IOS in the environment so while I'm
happy to hear about any better methods, ideally I'm looking for
something that will work on all versions.
cheers,
Dale
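
An added example, not part of the original post: a Python check that lists "ip nat inside source static" global addresses with no covering static route to redistribute, which is the condition that leaves return traffic unrouteable in the scenario above. The sample config is constructed and the function names are hypothetical; it assumes redistributed static routes are the only way the global addresses reach other routers.

```python
import ipaddress
import re

# Constructed sample config modelled on the post: two static NAT entries,
# only one of which has a matching static route to redistribute.
SAMPLE_CONFIG = """\
router eigrp 10
 redistribute static
 no auto-summary
!
ip nat inside source static 10.20.20.50 192.168.20.5
ip nat inside source static 10.20.20.51 192.168.20.6
ip route 192.168.20.5 255.255.255.255 FastEthernet0 10.20.20.2
"""

NAT_RE = re.compile(r"^ *ip nat inside source static (\S+) (\S+) *$", re.M)
ROUTE_RE = re.compile(r"^ *ip route (\S+) (\S+) ", re.M)
REDIST_RE = re.compile(r"^ *redistribute static\b", re.M)


def redistributed_static_prefixes(config):
    """Static route prefixes, counted only if 'redistribute static' is present.
    Assumption: nothing else advertises the NAT global addresses."""
    if not REDIST_RE.search(config):
        return []
    return [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for addr, mask in ROUTE_RE.findall(config)]


def unadvertised_nat_globals(config):
    """Return (inside_local, inside_global) pairs whose global address is
    not covered by any redistributed static route."""
    prefixes = redistributed_static_prefixes(config)
    missing = []
    for local, global_ in NAT_RE.findall(config):
        addr = ipaddress.ip_address(global_)
        if not any(addr in prefix for prefix in prefixes):
            missing.append((local, global_))
    return missing


if __name__ == "__main__":
    for local, global_ in unadvertised_nat_globals(SAMPLE_CONFIG):
        print(f"{global_} (NAT for {local}) has no redistributed static route")
```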