From: Forest Riek (forestr@xxxxxxx)
Date: Sat Nov 04 2000 - 05:58:48 GMT-3
Hi Fred,
Since you are using a IP nat pool, there is no global ip address to inside
address translation until the inside address tempts to go out. That is why
your ping is not functioning. The only way to be able to ping from the outside
to a global address is to configure static IP nat addresses.
You have the same problem in a PIX. The reason being is due to the security
level assigned to the interfaces. Your 'outside' interface would have a lower
value then your 'inside' interface. Because of this you have to have static IP
nat configured and you have to have a ACL or conduit to allow the traffic to
flow.
I hope this helps.
Forest
Sam Munzani wrote:
> I will not do one-to-one mapping in order. It will map internal to external
> address in order it receives request. I mean if your first internal host
> .254 tries to go out it will get .1 address from the pool.
>
> You can do it easily in PIX but don't know how to do it under router.
>
> Sam
>
> > How do you NAT a whole internal block of network to another block, which
> > is global network? For example, 30.252.25.0/24 nat to 60.100.1.0/24. I
> > have use the following command "IP nat inside source network 30.252.25.0
> > 60.100.1.0 /24". Which suppose to map 30.252.25.1-->60.100.1.1,
> > 30.252.25.2-->60.100.1.2 and so on. It doesn't seen to work corretly.
> > When I try to ping 60.100.1.1 from outside, which suppose to nat to
> > 30.252.25.1, it didn't work. However, when I ping with 60.100.1.2, it
> > works. I don't want to put 254 static map statment in the router that
> > map each internal IP to the global IP. Please help!!!!!
> >
> > Fred
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:41 GMT-3