[c-nsp] Static Nat IOS
Bunny Singh
jump2fly82 at yahoo.com
Wed Mar 6 07:15:06 EST 2013
Hi,
Yeah it works, thanks for your support.
Can you please provide some good link on which i can understand the working of different NAT command.
Regards
DS
________________________________
From: Peter Rathlev <peter at rathlev.dk>
To: Bunny Singh <jump2fly82 at yahoo.com>
Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Sent: Wednesday, March 6, 2013 2:24 PM
Subject: Re: [c-nsp] Static Nat IOS
I think it's a little unclear exactly what you want to accomplish.
On Mon, 2013-03-04 at 06:24 -0800, Bunny Singh wrote:
> I have 3 interfaces on my 2911, out of which gig0/0 is used for
> outside, gig0/1 is used as a inside and gig0/2 is used for management
> & nms alert.
The default route on your 2911 points at 10.25.17.9 and this address
belongs to the interface you define as "ip nat inside" and call "inside"
in your descriptions. This is a little confusing though perfectly legal.
>
> Now i have a requirement to do the ping on WAN ip of my next hop on
> inside interface gig0/1 from NMS which are lies in gig0/2.
>
> MY inside connecting router is maintained by some one else and has
> allowed only 8 ip's (10.14.29.8/29)
Is that the router with the address 10.25.17.9 on the inside interface?
> through which i can access, now i
> want to use one of the ip
One of what IP addresses?
> so that i can NAT my nms ip (172.31.4.22) so
> that the nms can ping my other router wan ip (10.25.17.9) on inside
> network. Can any body tell me the static NAT config.
I've tried assembling a diagram of what your network looks like.
|
| 10.14.29.8/29
|
| .9
+------+
| R1 |
+------+
| .17
|
| "outside" 172.25.20.16/29
^ |
| | .20
DyNAT +------+ mgmt 172.31.9.0/24 +----+ ? +-----------------+
| | 2911 |------------------------| R3 |---| NMS 172.31.4.22 |
| | +------+ .70 .1 +----+ +-----------------+
| | | .12
| |
Default | "inside" 10.25.17.8/29
| |
V | .9
+------+
| R2 |
+------+
| ?
Is this correct?
And you want 172.31.4.22 (the NMS) to be able to reach 10.25.17.9 (R2)
through the 2911, but presumably R2 currently does not route 172.31.4.22
back to you and you thus need 172.31.4.22 to be translated to something
else, maybe 10.14.29.x? And you need the current NAT configuration to
continue working as it is.
If that is the case you probably need to configure some "ouside NAT":
! *** 2911 ***
interface GigabitEthernet0/2
ip nat outside
!
ip nat outside source static 172.31.4.22 10.14.29.x
!
I'm not exactly sure this would work and I can't test it right now. But
you could give it a try and keep in mind that it might disrupt
something.
--
Peter
More information about the cisco-nsp
mailing list