[c-nsp] IP Nat help

Ziv Leyes zivl at gilat.net
Wed Nov 10 03:29:04 EST 2010 

You could use a 255 addresses pool like:
ip nat pool NAT 172.16.10.1 172.16.10.254

then perform nat, using the pool, this way:

access-list 1 permit 172.16.1.0 0.0.0.255

ip nat inside source list 1 pool NAT reversible

But this won't guarantee that 172.16.1.x will be necessary mapped to 172.16.10.x
If you want this to be fixed, then yes, you will need one inside/outside mapping for each address, but you only need 1 mapping for each, not 2x254 as you said.
This mapping is actually for the outside/inside, but will also be used for the inside/outside.

It will look something like this:

ip nat inside source static 172.16.1.1 172.16.10.1
ip nat inside source static 172.16.1.2 172.16.10.2
...
...
ip nat inside source static 172.16.1.254 172.16.10.254

Fastethernet 0/0
ip nat outside

Fastethernet 0/1
ip nat inside

Hope this helps
Ziv


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Stephane MAGAND
Sent: Tuesday, November 09, 2010 9:23 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] IP Nat help

Hi


I request a small help because i never use Nat on Cisco router.


I have a Cisco with two interface:



Fastethernet 0/0
     Description Wan Interface
     ip address 192.168.1.2 255.255.255.252

Fastethernet 0/1
     Description Lan Interface
     ip address 172.16.1.254 255.255.255.0

With BGP, neighborg 192.168.1.1
no NAT.


I want NAT all packet from the LAN interface at destination of on ip class:


if a user of 172.16.1.xx want access to 172.17.1.xx:
   all IP are "changed":
172.16.1.1 => 172.16.10.1
172.16.1.2 => 172.16.10.2
172.16.1.3 => 172.16.10.3
<...>
172.16.1.254 => 172.16.10.254

The 172.17.1.xx see only "172.16.10.xx"


anyone know the process ?

creation 2x254 ip nat inside/outside ?


Thanks for your help
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************




The information contained in this e-mail message and its attachments is confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender, and then delete the message from your computer.  Thank you!

******** This mail was sent via Mail-SeCure System.********



 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************

More information about the cisco-nsp mailing list