[c-nsp] IOS NAT, translating source into IP not included in routing table

a. rahman isnaini r. sutan risnaini at speed.net.id
Wed Nov 21 22:10:17 EST 2007 


New to me... never been working by translating internal IP to 'external IP 
which is not directly connected to the router...'
If this work pretty well, it'd be good and some ideas might come up later...

rgs
a. rahman isnaini r.sutan


----- Original Message ----- 
From: "Dale Shaw" <dale.shaw+cisco-nsp at gmail.com>
To: <cisco-nsp at puck.nether.net>
Sent: Thursday, November 22, 2007 5:39 AM
Subject: [c-nsp] IOS NAT,translating source into IP not included in routing 
table


> Hi,
>
> My Google-fu is failing me..
>
> Scenario:
>
> FastEthernet0 (NAT inside), IP 10.20.20.1/24
> Tunnel1 (NAT outside), IP 172.16.0.1/24
> DMVPN environment with EIGRP
> Performing static source address translation from hosts in
> 10.20.20.0/24 to 192.168.20.x
>
> interface FastEthernet0
> ip address 10.20.20.1 255.255.255.0
> ip nat inside
> no ip redirects
> no ip proxy-arp
> !
> interface Tunnel1
> ip address 172.16.0.1 255.255.255.0
> ip nat outside
> no ip redirects
> no ip proxy-arp
> !
> interface Loopback0
> ip address 10.63.6.100 255.255.255.255
> !
> router eigrp 10
> redistribute static
> passive-interface default
> no passive-interface Tunnel1
> network 10.63.6.0 0.0.0.255
> network 172.16.0.0 0.0.0.255
> no auto-summary
> !
> ip nat inside source static 10.20.20.50 192.168.20.5
> ip nat inside source static 10.20.20.51 192.168.20.6
> ip nat inside source static 10.20.20.52 192.168.20.7
> ip nat inside source static 10.20.20.53 192.168.20.8
> [...] etc etc
>
> The router will happily translate 10.20.20.50 etc. into any arbitrary
> IP, as per the "ip nat inside .." command, but return traffic is
> unrouteable because there is no routing table entry for 192.168.20.5
> in other routers in the AS.
>
> At present, I'm adding and redistributing a static host route like so:
>
> ip route 192.168.20.5 255.255.255.255 FastEthernet0 10.20.20.2
>
> ..And as expected, 192.168.20.5/32 appears in the routing table and
> packets know how to come back to this router.
>
> It's a bit ugly/counter-intuitive though, don't you think? Is there a
> more elegant way? (perhaps specifying Null0 in the static route would
> be nicer)
> I have a mix of 12.3 and 12.4 IOS in the environment so while I'm
> happy to hear about any better methods, ideally I'm looking for
> something that will work on all versions.
>
> cheers,
> Dale
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list