[c-nsp] IP Nat help

Andriy Bilous andriy.bilous at gmail.com
Wed Nov 10 04:33:09 EST 2010


You could use the nat pool of type match-host, the last octet will match then

ip nat pool one2one 172.16.10.1 172.16.10.254 netmask 255.255.255.0
type match-host

On Wed, Nov 10, 2010 at 9:29 AM, Ziv Leyes <zivl at gilat.net> wrote:
> You could use a 255 addresses pool like:
> ip nat pool NAT 172.16.10.1 172.16.10.254
>
> then perform nat, using the pool, this way:
>
> access-list 1 permit 172.16.1.0 0.0.0.255
>
> ip nat inside source list 1 pool NAT reversible
>
> But this won't guarantee that 172.16.1.x will be necessary mapped to 172.16.10.x
> If you want this to be fixed, then yes, you will need one inside/outside mapping for each address, but you only need 1 mapping for each, not 2x254 as you said.
> This mapping is actually for the outside/inside, but will also be used for the inside/outside.
>
> It will look something like this:
>
> ip nat inside source static 172.16.1.1 172.16.10.1
> ip nat inside source static 172.16.1.2 172.16.10.2
> ...
> ...
> ip nat inside source static 172.16.1.254 172.16.10.254
>
> Fastethernet 0/0
> ip nat outside
>
> Fastethernet 0/1
> ip nat inside
>
> Hope this helps
> Ziv
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Stephane MAGAND
> Sent: Tuesday, November 09, 2010 9:23 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] IP Nat help
>
> Hi
>
>
> I request a small help because i never use Nat on Cisco router.
>
>
> I have a Cisco with two interface:
>
>
>
> Fastethernet 0/0
>     Description Wan Interface
>     ip address 192.168.1.2 255.255.255.252
>
> Fastethernet 0/1
>     Description Lan Interface
>     ip address 172.16.1.254 255.255.255.0
>
> With BGP, neighborg 192.168.1.1
> no NAT.
>
>
> I want NAT all packet from the LAN interface at destination of on ip class:
>
>
> if a user of 172.16.1.xx want access to 172.17.1.xx:
>   all IP are "changed":
> 172.16.1.1 => 172.16.10.1
> 172.16.1.2 => 172.16.10.2
> 172.16.1.3 => 172.16.10.3
> <...>
> 172.16.1.254 => 172.16.10.254
>
> The 172.17.1.xx see only "172.16.10.xx"
>
>
> anyone know the process ?
>
> creation 2x254 ip nat inside/outside ?
>
>
> Thanks for your help
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> ************************************************************************************
> This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
> ************************************************************************************
>
>
>
>
> The information contained in this e-mail message and its attachments is confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender, and then delete the message from your computer.  Thank you!
>
> ******** This mail was sent via Mail-SeCure System.********
>
>
>
>
>
> ************************************************************************************
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
> ************************************************************************************
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list