[c-nsp] IOS NAT, translating source into IP not included in routing table

Tassos Chatzithomaoglou achatz at forthnet.gr
Tue Nov 27 03:32:29 EST 2007 

Usually, you have 3 options (actually the last 2 are variations of the same option):

1) redistribute a static route (to null) of the nat outside address space
2) redistribute a "virtual" connected interface (a loopback) having an ip from the nat outside 
address space
3) use the network of a physical connected interface (which is already routed) for nat outside 
address space

--
Tassos


Dale Shaw wrote on 22/11/2007 5:33 πμ:
> I changed the "ip route .." commands to..
> 
> ip route 192.168.20.5 255.255.255.255 Null0 name NAT
> 
> .. and it continues to work as expected. This is cleaner, but I'm
> still interested in more elegant solutions. I've seen the "add-route"
> parameter, but it doesn't appear to support /32s, and only seems to be
> available for "ip nat outside .."
> 
> cheers,
> Dale
> 
> 
> On Nov 22, 2007 2:10 PM, a. rahman isnaini r. sutan
> <risnaini at speed.net.id> wrote:
>>
>> New to me... never been working by translating internal IP to 'external IP
>> which is not directly connected to the router...'
>> If this work pretty well, it'd be good and some ideas might come up later...
>>
>> rgs
>> a. rahman isnaini r.sutan
>>
>> ----- Original Message -----
>> From: "Dale Shaw" <dale.shaw+cisco-nsp at gmail.com>
>> To: <cisco-nsp at puck.nether.net>
>> Sent: Thursday, November 22, 2007 5:39 AM
>> Subject: [c-nsp] IOS NAT,translating source into IP not included in routing
>> table
>>
>>
>>> Hi,
>>>
>>> My Google-fu is failing me..
>>>
>>> Scenario:
>>>
>>> FastEthernet0 (NAT inside), IP 10.20.20.1/24
>>> Tunnel1 (NAT outside), IP 172.16.0.1/24
>>> DMVPN environment with EIGRP
>>> Performing static source address translation from hosts in
>>> 10.20.20.0/24 to 192.168.20.x
>>>
> [...]
>>> The router will happily translate 10.20.20.50 etc. into any arbitrary
>>> IP, as per the "ip nat inside .." command, but return traffic is
>>> unrouteable because there is no routing table entry for 192.168.20.5
>>> in other routers in the AS.
>>>
>>> At present, I'm adding and redistributing a static host route like so:
>>>
>>> ip route 192.168.20.5 255.255.255.255 FastEthernet0 10.20.20.2
>>>
>>> ..And as expected, 192.168.20.5/32 appears in the routing table and
>>> packets know how to come back to this router.
>>>
>>> It's a bit ugly/counter-intuitive though, don't you think? Is there a
>>> more elegant way? (perhaps specifying Null0 in the static route would
>>> be nicer)
>>> I have a mix of 12.3 and 12.4 IOS in the environment so while I'm
>>> happy to hear about any better methods, ideally I'm looking for
>>> something that will work on all versions.
>>>
>>> cheers,
>>> Dale
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list