[c-nsp] FW: NAT question.

Troy Beisigl troy at i2bnetworks.com
Mon Sep 17 16:41:45 EDT 2007


Hi Josh,

I can see how that would be confusing. I should have stated that router C
belongs to a customer in our colo and that their internet access is through
our network. The core router mentioned is ours, and routers A, B and C all
belong to our customer.

Troy Beisigl


-----Original Message-----
From: Higham, Josh [mailto:jhigham at epri.com] 
Sent: Monday, September 17, 2007 1:23 PM
To: Troy Beisigl
Subject: RE: [c-nsp] NAT question.

Based on this comment, your nat is the reverse of what you want.

This translation table means that router C is translating the SOURCE IP
ADDRESS from 10.2.0.1 to 66.X.A.99 when sending traffic TO 66.X.Y.129.
If the 10.x network is outside your network, and you want to NAT so that
your core doesn't see 10.x addresses, then you need to nat the outside
traffic, which is the opposite of most configurations.

Hope that helps,
Josh

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Troy Beisigl
> Sent: Monday, September 17, 2007 10:33 AM
> To: 'Vincent De Keyzer'
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] NAT question.
> 
> sh ip nat translations
> Pro  Inside global      Inside local       Outside local      Outside global
> icmp 66.X.A.99:9893     10.2.0.1:9893      66.X.Y.129:9893    66.X.Y.129:9893
> 
> 
> I know that the router is not doing NAT correctly because even though it
> shows up in the tables, our core routers are seeing the 10. address and not
> the public address. Below is from the console of one of our core routers
> that router C hands off traffic to for the outside world.
> 
> Sep 17 17:17:20: ICMP: dst (10.2.0.1) host unreachable sent to 66.X.Y.129
> 
> 
> 
> Troy Beisigl
> 
> -----Original Message-----
> From: Vincent De Keyzer [mailto:vincent at autempspourmoi.be] 
> Sent: Monday, September 17, 2007 6:04 AM
> To: 'Troy Beisigl'
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] NAT question.
> 
> > packets from the Ethernet of Router A do not seem to get nat'd, however do
> > show up in the nat translations table.
> 
> What do you mean by that? Please post outputs of "sh ip nat tran" for both
> 192.168 and 10. What makes you think they don't "get nat'd"?
> 
> Vincent
> 
> 