FW: [f-nsp] NAT / routing /IP fwd issue

Gerlof.Dijk gerlof.dijk at hccnet.nl
Mon Dec 6 17:37:37 EST 2004


 
 
You have to define an extended ACL

ip nat inside source list 100 pool Nat-Pool overload
ip nat pool Nat-Pool a.b.c.x a.b.c.x netmask 255.255.255.224

access-list 100 deny 192.168.0.0/24 10.0.0.0/24
access-list 100 deny 10.0.0.0/24 192.168.0.0/24
access-list 100 permit 192.168.0.0/24 any
access-list 100 deny 10.0.0.0/24 any

BTW: you are better off using a NAT pool instead of a static NAT address because
static NAT is bidirectional.



-----Original message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On behalf of elliot moore
Sent: Monday, 6 December 2004 18:37
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] NAT / routing /IP fwd issue

Hello!
I have an 8-port ServerIron XL (forwarding traffic to/from multiple sub-nets
in separate broadcast domains)

(For this email, I substitute my real ip range with aa.bb.cc.0/27)

Setup
====
vlan1 - public IPs   aa.bb.cc.0/27 	- ve1
vlan2 - private IPs  10.0.0.0/24		- ve2
vlan3 - private IPs   192.168.0.0/24 	- ve3
The server-iron is the default gateway for hosts on both private networks

It load-balances traffic from 10.0.0.0/24 to 192.168.0.0/24,
and aa.bb.cc.0/27 -> 10.0.0.0/24,
and aa.bb.cc.0/27 -> 192.168.0.0/24


Problem
=======
I NAT a host 192.168.0.15, to a public IP, so it can have Internet access.

My problem is that the server-iron also NATs 192.168.0.15 when it connects
with the 10.0.0.0 network, resulting in a source address of aa.bb.cc.10. The same
happens if I give a public host NAT mapping to a host in the 10.0.0.0
network: if it then connects with a host in the 192.168.0.0 network, it is
also NATted with a public address.

Is there a way I can configure the server-iron to only NAT for access to 0.0.0.0
(Internet access) and not 10.0.0.0/192.168.0.0?


Thanks in advance!
ells..




helpful config extracts ?
=================

SW: Version 07.3.03T12

#sh ip route
     Destination     NetMask           Gateway      Port   Cost  Type
1    10.0.0.0        255.255.255.0     0.0.0.0      Ve 2   1     D
2    aa.bb.cc.0      255.255.255.224   0.0.0.0      Ve 1   1     D
3    192.168.0.0     255.255.255.0     0.0.0.0      Ve 3   1     D
4    0.0.0.0         0.0.0.0           aa.bb.cc.1   Ve 1   1     S

ip forward
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip nat  inside source static 192.168.0.15 aa.bb.cc.10

_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
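
The ACL 100 suggested in the reply at the top of this thread, evaluated against a few flows to show which ones the NAT rule would translate. This is an added example, not part of the original thread and not Foundry code; it assumes the usual first-match ACL evaluation with an implicit deny, and the sample flows (including 198.51.100.7 as a stand-in Internet host) are constructed.

```python
import ipaddress

# ACL 100 as given in the reply (assumed: first match wins, no match = implicit deny).
ACL_100 = """\
access-list 100 deny 192.168.0.0/24 10.0.0.0/24
access-list 100 deny 10.0.0.0/24 192.168.0.0/24
access-list 100 permit 192.168.0.0/24 any
access-list 100 deny 10.0.0.0/24 any
"""

def parse_acl(text):
    """Turn 'access-list N action src dst' lines into (action, src_net, dst_net)."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "access-list":
            continue  # skip anything that is not a five-field ACL entry
        action, src, dst = fields[2], fields[3], fields[4]
        nets = [ipaddress.ip_network("0.0.0.0/0" if f == "any" else f)
                for f in (src, dst)]
        rules.append((action, nets[0], nets[1]))
    return rules

def nat_decision(rules, src, dst):
    """Return (translated?, matching rule number); rule 0 is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(rules, start=1):
        if s in src_net and d in dst_net:
            return action == "permit", number
    return False, 0

RULES = parse_acl(ACL_100)

# Constructed sample flows (source, destination).
FLOWS = [
    ("192.168.0.15", "10.0.0.20"),     # private -> private: must not be NATted
    ("10.0.0.20", "192.168.0.15"),     # reverse direction
    ("192.168.0.15", "198.51.100.7"),  # private -> Internet: NAT via the pool
    ("10.0.0.20", "198.51.100.7"),     # 10.0.0.0/24 is explicitly denied
    ("172.16.1.1", "198.51.100.7"),    # not listed at all: implicit deny
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        translated, rule = nat_decision(RULES, src, dst)
        print(f"{src:>14} -> {dst:<14} NAT={translated!s:<5} "
              f"rule={rule or 'implicit deny'}")
```

Rule order matters here: if the permit line were placed above the two inter-subnet deny lines, the 192.168.0.15 -> 10.0.0.20 flow would match it first and be translated.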





