Re: dynamic NAT and PAT on IOS

Tauseef,

I Really cant say what deployment scenario you have, but I have a working
solution that reference multiple NAT Inside all with overload command,
also what you should understand with PAT ; its more with Port number, in
scenario where the first Public IP address can still be PAT, the IOS will
continue to used...
see below the little example...
 if you really interested in load balancing the address... why not used
same example and allocate with Public IP address to certain subnet of your
organization.. using the route-map it definitely will work out.

ip nat pool INTERNET 248.255.248.90 248.255.248.90 prefix-length 30
ip nat pool LINK-1 10.0.1.2 10.0.1.2 prefix-length 30
ip nat pool Link-2 10.35.242.118 10.35.242.118 prefix-length 30
!
ip nat inside source route-map LINK pool LINK overload
ip nat inside source route-map INTERNET pool INTERNET overload
ip nat inside source route-map LINK-2 pool LINK-2 overload

!
route-map LINK permit 10
 match ip address WORKS
 match interface GigabitEthernet0/2
!
route-map INTERNET permit 10
 match ip address WORKS-LAN
 match interface GigabitEthernet0/1.10
!
route-map LINK-2 permit 10
 match ip address WORKS
 match interface GigabitEthernet0/0
!
!
!
ip access-list standard WORKOUT
 permit 172.16.21.0 0.0.0.255
!
ip access-list extended WORKOUT-LAN
 deny ip any 172.16.0.0 0.0.255.255
 permit ip 172.16.21.0 0.0.0.255 any

Expert kindly correct me if im wrong.

ABDULLAHI BEGE
Snr. Network Engineer.
CCIE# 37630 RnS.

On Thu, Oct 3, 2013 at 11:48 AM, Tauseef Khan <tasneemjan_at_googlemail.com>wrote:

> thanks Prince, That's ideally I want but as previously mentioned in 12.4
> you can't have 2 <ip nat inside> statements. The concluded config form your
> above config will only be
> ip nat inside source list LAN_TRAFFIC interface g0/0 overload () this
> command will overwrite any previous ip nat inside staement
>
> secondly, if I nat to a pool with overlaod it will pat but not load
> balance across all the pool ip address. ie it will first pat 65000 ips to
> first ip from pool, then to second ip and so on and so forth.
>
> Kind regards
>
> Tauseef
> mobile: +44 7837209187
>
>
> On 3 October 2013 11:38, Prince Emirate <begeieia_at_googlemail.com> wrote:
>
>> Tauseef,
>>
>> I'm not sure the whether this will suffice your requirement....
>>
>> ip nat pool FIX-ME 204.12.1.1 204.12.1.31 prefix-length 27
>> !
>> ip access-list extended sERVER_TRAFFIC
>> permit ip 155.1.1.0 0.0.0.31 any
>> deny ip any any
>> !
>> ip nat inside source list NAT_TRAFFIC pool FIX-ME
>>
>> access-l extended LAN_TRAFFIC
>> permit ip 155.1.1.32 0.0.0.31
>> permit ip 155.1.1.64 0.0.0.31
>> !
>> !
>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload
>>
>>
>>
>> Expert Kindly correct me if i'm wrong.
>>
>>
>>
>>
>>
>> ABDULLAHI BEGE
>> Snr. Network Engineer.
>> CCIE# 37630 RnS.
>>
>>
>> On Wed, Oct 2, 2013 at 11:46 PM, Joe Sanchez <marco207p_at_gmail.com> wrote:
>>
>>> Give and example of what you want . Because it is doable based on what
>>> I've seen so far.
>>>
>>> Regards,
>>> Joe Sanchez
>>>
>>> ( please excuse the brevity of this email as it was sent via a mobile
>>> device. Please excuse misspelled words or sentence structure.)
>>>
>>> On Oct 2, 2013, at 9:28 AM, Tauseef Khan <tasneemjan_at_googlemail.com>
>>> wrote:
>>>
>>> > yes you are right Prince but what I am looking to do is 1-1 nat to a
>>> /27
>>> > pool and rest PAT to the Public interface IP address like on ASA, which
>>> > looks not achievable on up to ios 12.4 not sure about 15.x but I will
>>> test
>>> > that.
>>> >
>>> > Kind regards
>>> >
>>> > Tauseef
>>> > mobile: +44 7837209187
>>> >
>>> >
>>> > On 2 October 2013 13:49, Prince Emirate <begeieia_at_googlemail.com>
>>> wrote:
>>> >
>>> >> In general i think already PAT to the public ip address since it's a
>>> /24
>>> >> to 10 public address. Thats 65535 open connection from internal to a
>>> >> single public address. Frankly I hard believe u will exhaust the
>>> public
>>> >> address.
>>> >> I have a deployment of 10.0.0.0/8 to a /29 public, nd we still
>>> reserved
>>> >> sm for static NAT.
>>> >>
>>> >> Kindly correct me experts if im wrong.
>>> >> On 1 Oct 2013 12:05, "Sadiq Yakasai" <sadiqtanko_at_gmail.com> wrote:
>>> >>
>>> >>> See link below. Alot of examples but none of which is exact to what
>>> you
>>> >>> are
>>> >>> asking for:
>>> >>>
>>> >>>
>>> >>>
>>> http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/12-4/iadnat-addr-consv.html#GUID-2B90342E-DFEE-4593-A4A9-47A17A657ACC
>>> >>>
>>> >>>
>>> >>>
>>> >>> On Tue, Oct 1, 2013 at 11:44 AM, Tauseef Khan <
>>> tasneemjan_at_googlemail.com
>>> >>>> wrote:
>>> >>>
>>> >>>> Can you have multiple <ip nat inside> statements? i don't think
>>> >>>>
>>> >>>> Kind regards
>>> >>>>
>>> >>>> Tauseef
>>> >>>> mobile: +44 7837209187
>>> >>>>
>>> >>>>
>>> >>>> On 1 October 2013 11:16, Sadiq Yakasai <sadiqtanko_at_gmail.com>
>>> wrote:
>>> >>>>
>>> >>>>> I havent done NAT on IOS in a while but my first reaction to your
>>> query
>>> >>>>> would be, yes.
>>> >>>>>
>>> >>>>> How about creating a second NAT statement for overloading the
>>> interface
>>> >>>>> after the first one that references the pool? Of course, you want
>>> to
>>> >>> test
>>> >>>>> this out! ;-)
>>> >>>>>
>>> >>>>> HTH a bit.
>>> >>>>>
>>> >>>>> Sadiq
>>> >>>>>
>>> >>>>>
>>> >>>>> On Tue, Oct 1, 2013 at 11:03 AM, Tauseef Khan <
>>> >>> tasneemjan_at_googlemail.com>wrote:
>>> >>>>>
>>> >>>>>> Appreciate if some one could clarify. Is it possible to configure
>>> NAT
>>> >>> and
>>> >>>>>> PAT similtuneously on IOS 12.4x
>>> >>>>>>
>>> >>>>>> I need to nat the internal /24 to a pool of 10 public IP
>>> addresses and
>>> >>>>>> rest
>>> >>>>>> to the Public Interface IP address of the router so that when the
>>> 10
>>> >>>>>> address pool is exhausted rest of the internal IPs are pated to
>>> >>> Interface
>>> >>>>>> IP address of Router like on ASA firewalls.
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Kind regards
>>> >>>>>>
>>> >>>>>> Tauseef
>>> >>>>>> mobile: +44 7837209187
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Blogs and organic groups at http://www.ccie.net
>>> >>>
>>> _______________________________________________________________________
>>> >>>>>> Subscription information may be found at:
>>> >>>>>> http://www.groupstudy.com/list/CCIELab.html
>>> >>>>>
>>> >>>>>
>>> >>>>> --
>>> >>>>> CCIEx2 (R&S|Sec) #19963
>>> >>>
>>> >>>
>>> >>> --
>>> >>> CCIEx2 (R&S|Sec) #19963
>>> >>>
>>> >>>
>>> >>> Blogs and organic groups at http://www.ccie.net
>>> >>>
>>> >>>
>>> _______________________________________________________________________
>>> >>> Subscription information may be found at:
>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 03 2013 - 16:53:22 ART