From: Deepesh Chouhan (deepesh@cisco.com)
Date: Fri Nov 01 2002 - 04:18:41 GMT-3
Hi
For inside: NAT always routes the packet and then NATs it. So I guess
match ip next-hop will work for every packet.
thanks
deepesh
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Hunt Lee
> Sent: Thursday, October 31, 2002 7:57 PM
> To: 'David C Prall'
> Cc: 'ccielab@groupstudy.com'
> Subject: RE: NAT translation problem
>
>
> Then if the requirement says that I can't use "match ip address" nor "match
> interface", then does anyone know how to achieve this??
>
> The only one I can think of is "match ip next-hop", yet NAT only works on
> the first few packets (which I couldn't understand).  Has anybody else had
> this problem before??
>
> br2.offline(config-route-map)#match ip next-hop ?
>   <1-99>       IP access-list number
>   <1300-1999>  IP access-list number (expanded range)
>   WORD         IP standard access-list name
>   prefix-list  Match entries of prefix-lists
>   <cr>
>
> Hunt
>
>
> -----Original Message-----
> From: David C Prall [mailto:dcp@dcptech.com]
> Sent: Friday, 1 November 2002 12:49 PM
> To: CCIE Lab Groupstudy.Com
> Subject: RE: NAT translation problem
>
>
> You need to use an extended access-list within your route-map that defines
> the destination addresses. And you'll only need the match ip address.
>
> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
>
> --
> David C Prall dcp@dcptech.com http://dcp.dcptech.com
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Hunt Lee
> > Sent: Thursday, October 31, 2002 9:14 PM
> > To: 'ccielab@groupstudy.com'
> > Subject: NAT translation problem
> >
> >
> > I have configured a 3 routers EBGP (see picture below).  What I am trying
> > to achieve is that when a packet is forwarded to RTB, the packet will have a
> > source address from 205.113.50.0/23; when a packet is forwarded to
> > RTC, the packet must have a source address of 207.36.76.0/23.
> >
> > For going to RTB, I based this on saying if the outgoing interface for
> > the packet is s0/0 (the int to RTB), then this packet must be for RTB
> > (hence NAT range 205.113.50.0/23).
> >
> > As for going to RTC, I based this on if the Next-Hop IP for the packet
> > is 207.36.65.254, then this packet destination must be for RTC (hence
> > NAT range 207.36.76.0/23).
> >
> > RTB   RTC
> >   \   /
> >    RTA
> >     |
> > 10.0.0.0/8 (Inside network)
> >
> > The thing is, for the packets towards RTB, the NAT works fine.
> >
> > But for the packets towards RTC, it works for the first few packets (i.e. I
> > could see it on "show ip nat translations" & debug messages), but anytime
> > after that (even when the NAT entries have expired), it would not be able to
> > be NATed again.
> >
> > here's RTA config...
> >
> > interface FastEthernet0/0
> >  description Inside NAT
> >  ip address 10.1.1.1 255.255.0.0
> >  ip nat inside
> >  duplex auto
> >  speed auto
> >
> > interface Serial0/0
> >  description to Outside ISP 1 - RTB
> >  ip address 205.113.49.253 255.255.255.252
> >  ip nat outside
> >  clockrate 64000
> >
> > interface Serial0/1
> >  description to Outside ISP 2 - RTC
> >  ip address 207.36.65.253 255.255.255.252
> >  ip nat outside
> >  clockrate 64000
> >
> > ip nat pool PoolOne 205.113.50.1 205.113.51.254 netmask 255.255.254.0 type match-host
> > ip nat pool PoolTwo 207.36.76.1 207.36.76.254 netmask 255.255.254.0 type match-host
> > ip nat inside source route-map ISP1 pool PoolOne
> > ip nat inside source route-map ISP2 pool PoolTwo
> >
> > access-list 1 permit 10.0.0.0 0.255.255.255
> > access-list 3 permit 207.36.65.254
> >
> > route-map ISP2 permit 10
> >  match ip address 1
> >  match ip next-hop 3
> > !
> > route-map ISP1 permit 10
> >  match ip address 1
> >  match interface Serial0/0
> >
> >
> > RTA#sh ip route
> > Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -BGP
> >        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> >        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> >        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> >        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> >        * - candidate default, U - per-user static route, o - ODR
> >        P - periodic downloaded static route
> >
> > Gateway of last resort is not set
> >
> >      1.0.0.0/32 is subnetted, 1 subnets
> > B       1.1.1.1 [20/0] via 205.113.49.254, 00:04:12
> >      2.0.0.0/32 is subnetted, 1 subnets
> > B       2.2.2.2 [20/0] via 207.36.65.254, 00:04:12
> >      3.0.0.0/32 is subnetted, 1 subnets
> > C       3.3.3.3 is directly connected, Loopback0
> >      205.113.49.0/30 is subnetted, 1 subnets
> > C       205.113.49.252 is directly connected, Serial0/0
> >      207.36.65.0/30 is subnetted, 1 subnets
> > C       207.36.65.252 is directly connected, Serial0/1
> >      10.0.0.0/16 is subnetted, 1 subnets
> > C       10.1.0.0 is directly connected, FastEthernet0/0
> > RTA#
> >
> > Any help will be greatly appreciated.
> >
> > Regards,
> > H.
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:50 GMT-3