[c-nsp] IOS NAT, translating source into IP not included in routing table

Michael Smith mksmith at adhost.com
Thu Nov 22 02:27:40 EST 2007


Hello Dale:

Would it be possible to announce the aggregate with a tie-down route  
similar to BGP?  So, instead of a bunch of /32's, just use:

ip route 192.168.20.0 255.255.255.0 null0 250

I would assume that will propagate into OSPF and, when the traffic for  
that network returns to your router, the static NAT translation table  
should do the association of the 10.x and 192.x IP addresses.

Regards,

Mike

On Nov 21, 2007, at 7:33 PM, Dale Shaw wrote:

> I changed the "ip route .." commands to..
>
> ip route 192.168.20.5 255.255.255.255 Null0 name NAT
>
> .. and it continues to work as expected. This is cleaner, but I'm
> still interested in more elegant solutions. I've seen the "add-route"
> parameter, but it doesn't appear to support /32s, and only seems to be
> available for "ip nat outside .."
>
> cheers,
> Dale
>
>
> On Nov 22, 2007 2:10 PM, a. rahman isnaini r. sutan
> <risnaini at speed.net.id> wrote:
>>
>>
>> New to me... never been working by translating internal IP to  
>> 'external IP
>> which is not directly connected to the router...'
>> If this work pretty well, it'd be good and some ideas might come up  
>> later...
>>
>> rgs
>> a. rahman isnaini r.sutan
>>
>> ----- Original Message -----
>> From: "Dale Shaw" <dale.shaw+cisco-nsp at gmail.com>
>> To: <cisco-nsp at puck.nether.net>
>> Sent: Thursday, November 22, 2007 5:39 AM
>> Subject: [c-nsp] IOS NAT,translating source into IP not included in  
>> routing
>> table
>>
>>
>>> Hi,
>>>
>>> My Google-fu is failing me..
>>>
>>> Scenario:
>>>
>>> FastEthernet0 (NAT inside), IP 10.20.20.1/24
>>> Tunnel1 (NAT outside), IP 172.16.0.1/24
>>> DMVPN environment with EIGRP
>>> Performing static source address translation from hosts in
>>> 10.20.20.0/24 to 192.168.20.x
>>>
> [...]
>>> The router will happily translate 10.20.20.50 etc. into any  
>>> arbitrary
>>> IP, as per the "ip nat inside .." command, but return traffic is
>>> unrouteable because there is no routing table entry for 192.168.20.5
>>> in other routers in the AS.
>>>
>>> At present, I'm adding and redistributing a static host route like  
>>> so:
>>>
>>> ip route 192.168.20.5 255.255.255.255 FastEthernet0 10.20.20.2
>>>
>>> ..And as expected, 192.168.20.5/32 appears in the routing table and
>>> packets know how to come back to this router.
>>>
>>> It's a bit ugly/counter-intuitive though, don't you think? Is  
>>> there a
>>> more elegant way? (perhaps specifying Null0 in the static route  
>>> would
>>> be nicer)
>>> I have a mix of 12.3 and 12.4 IOS in the environment so while I'm
>>> happy to hear about any better methods, ideally I'm looking for
>>> something that will work on all versions.
>>>
>>> cheers,
>>> Dale
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list