Re: dynamic NAT and PAT on IOS

Strange Prince,
what image are you using
i tested on Version 12.4(25d) , 12.4(13r)T and Version 15.2(4)S4
 any new ip nat inside statement overrides the the previous ones.

could you send the output of sh ip nat translations as well and platform /
image details

Kind regards

Tauseef
mobile: +44 7837209187

On 3 October 2013 16:53, Prince Emirate <begeieia_at_googlemail.com> wrote:

> Tauseef,
>
> I Really cant say what deployment scenario you have, but I have a working
> solution that reference multiple NAT Inside all with overload command,
> also what you should understand with PAT ; its more with Port number, in
> scenario where the first Public IP address can still be PAT, the IOS will
> continue to used...
> see below the little example...
> if you really interested in load balancing the address... why not used
> same example and allocate with Public IP address to certain subnet of your
> organization.. using the route-map it definitely will work out.
>
>
> ip nat pool INTERNET 248.255.248.90 248.255.248.90 prefix-length 30
> ip nat pool LINK-1 10.0.1.2 10.0.1.2 prefix-length 30
> ip nat pool Link-2 10.35.242.118 10.35.242.118 prefix-length 30
> !
> ip nat inside source route-map LINK pool LINK overload
> ip nat inside source route-map INTERNET pool INTERNET overload
> ip nat inside source route-map LINK-2 pool LINK-2 overload
>
> !
> route-map LINK permit 10
> match ip address WORKS
> match interface GigabitEthernet0/2
> !
> route-map INTERNET permit 10
> match ip address WORKS-LAN
> match interface GigabitEthernet0/1.10
> !
> route-map LINK-2 permit 10
> match ip address WORKS
> match interface GigabitEthernet0/0
> !
> !
> !
> ip access-list standard WORKOUT
> permit 172.16.21.0 0.0.0.255
> !
> ip access-list extended WORKOUT-LAN
> deny ip any 172.16.0.0 0.0.255.255
> permit ip 172.16.21.0 0.0.0.255 any
>
>
> Expert kindly correct me if im wrong.
>
>
>
>
> ABDULLAHI BEGE
> Snr. Network Engineer.
> CCIE# 37630 RnS.
>
>
> On Thu, Oct 3, 2013 at 11:48 AM, Tauseef Khan <tasneemjan_at_googlemail.com>wrote:
>
>> thanks Prince, That's ideally I want but as previously mentioned in 12.4
>> you can't have 2 <ip nat inside> statements. The concluded config form your
>> above config will only be
>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload () this
>> command will overwrite any previous ip nat inside staement
>>
>> secondly, if I nat to a pool with overlaod it will pat but not load
>> balance across all the pool ip address. ie it will first pat 65000 ips to
>> first ip from pool, then to second ip and so on and so forth.
>>
>> Kind regards
>>
>> Tauseef
>> mobile: +44 7837209187
>>
>>
>> On 3 October 2013 11:38, Prince Emirate <begeieia_at_googlemail.com> wrote:
>>
>>> Tauseef,
>>>
>>> I'm not sure the whether this will suffice your requirement....
>>>
>>> ip nat pool FIX-ME 204.12.1.1 204.12.1.31 prefix-length 27
>>> !
>>> ip access-list extended sERVER_TRAFFIC
>>> permit ip 155.1.1.0 0.0.0.31 any
>>> deny ip any any
>>> !
>>> ip nat inside source list NAT_TRAFFIC pool FIX-ME
>>>
>>> access-l extended LAN_TRAFFIC
>>> permit ip 155.1.1.32 0.0.0.31
>>> permit ip 155.1.1.64 0.0.0.31
>>> !
>>> !
>>> ip nat inside source list LAN_TRAFFIC interface g0/0 overload
>>>
>>>
>>>
>>> Expert Kindly correct me if i'm wrong.
>>>
>>>
>>>
>>>
>>>
>>> ABDULLAHI BEGE
>>> Snr. Network Engineer.
>>> CCIE# 37630 RnS.
>>>
>>>
>>> On Wed, Oct 2, 2013 at 11:46 PM, Joe Sanchez <marco207p_at_gmail.com>wrote:
>>>
>>>> Give and example of what you want . Because it is doable based on what
>>>> I've seen so far.
>>>>
>>>> Regards,
>>>> Joe Sanchez
>>>>
>>>> ( please excuse the brevity of this email as it was sent via a mobile
>>>> device. Please excuse misspelled words or sentence structure.)
>>>>
>>>> On Oct 2, 2013, at 9:28 AM, Tauseef Khan <tasneemjan_at_googlemail.com>
>>>> wrote:
>>>>
>>>> > yes you are right Prince but what I am looking to do is 1-1 nat to a
>>>> /27
>>>> > pool and rest PAT to the Public interface IP address like on ASA,
>>>> which
>>>> > looks not achievable on up to ios 12.4 not sure about 15.x but I will
>>>> test
>>>> > that.
>>>> >
>>>> > Kind regards
>>>> >
>>>> > Tauseef
>>>> > mobile: +44 7837209187
>>>> >
>>>> >
>>>> > On 2 October 2013 13:49, Prince Emirate <begeieia_at_googlemail.com>
>>>> wrote:
>>>> >
>>>> >> In general i think already PAT to the public ip address since it's a
>>>> /24
>>>> >> to 10 public address. Thats 65535 open connection from internal to
>>>> a
>>>> >> single public address. Frankly I hard believe u will exhaust the
>>>> public
>>>> >> address.
>>>> >> I have a deployment of 10.0.0.0/8 to a /29 public, nd we still
>>>> reserved
>>>> >> sm for static NAT.
>>>> >>
>>>> >> Kindly correct me experts if im wrong.
>>>> >> On 1 Oct 2013 12:05, "Sadiq Yakasai" <sadiqtanko_at_gmail.com> wrote:
>>>> >>
>>>> >>> See link below. Alot of examples but none of which is exact to what
>>>> you
>>>> >>> are
>>>> >>> asking for:
>>>> >>>
>>>> >>>
>>>> >>>
>>>> http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/12-4/iadnat-addr-consv.html#GUID-2B90342E-DFEE-4593-A4A9-47A17A657ACC
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >>> On Tue, Oct 1, 2013 at 11:44 AM, Tauseef Khan <
>>>> tasneemjan_at_googlemail.com
>>>> >>>> wrote:
>>>> >>>
>>>> >>>> Can you have multiple <ip nat inside> statements? i don't think
>>>> >>>>
>>>> >>>> Kind regards
>>>> >>>>
>>>> >>>> Tauseef
>>>> >>>> mobile: +44 7837209187
>>>> >>>>
>>>> >>>>
>>>> >>>> On 1 October 2013 11:16, Sadiq Yakasai <sadiqtanko_at_gmail.com>
>>>> wrote:
>>>> >>>>
>>>> >>>>> I havent done NAT on IOS in a while but my first reaction to your
>>>> query
>>>> >>>>> would be, yes.
>>>> >>>>>
>>>> >>>>> How about creating a second NAT statement for overloading the
>>>> interface
>>>> >>>>> after the first one that references the pool? Of course, you want
>>>> to
>>>> >>> test
>>>> >>>>> this out! ;-)
>>>> >>>>>
>>>> >>>>> HTH a bit.
>>>> >>>>>
>>>> >>>>> Sadiq
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> On Tue, Oct 1, 2013 at 11:03 AM, Tauseef Khan <
>>>> >>> tasneemjan_at_googlemail.com>wrote:
>>>> >>>>>
>>>> >>>>>> Appreciate if some one could clarify. Is it possible to
>>>> configure NAT
>>>> >>> and
>>>> >>>>>> PAT similtuneously on IOS 12.4x
>>>> >>>>>>
>>>> >>>>>> I need to nat the internal /24 to a pool of 10 public IP
>>>> addresses and
>>>> >>>>>> rest
>>>> >>>>>> to the Public Interface IP address of the router so that when
>>>> the 10
>>>> >>>>>> address pool is exhausted rest of the internal IPs are pated to
>>>> >>> Interface
>>>> >>>>>> IP address of Router like on ASA firewalls.
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> Kind regards
>>>> >>>>>>
>>>> >>>>>> Tauseef
>>>> >>>>>> mobile: +44 7837209187
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> Blogs and organic groups at http://www.ccie.net
>>>> >>>
>>>> _______________________________________________________________________
>>>> >>>>>> Subscription information may be found at:
>>>> >>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> --
>>>> >>>>> CCIEx2 (R&S|Sec) #19963
>>>> >>>
>>>> >>>
>>>> >>> --
>>>> >>> CCIEx2 (R&S|Sec) #19963
>>>> >>>
>>>> >>>
>>>> >>> Blogs and organic groups at http://www.ccie.net
>>>> >>>
>>>> >>>
>>>> _______________________________________________________________________
>>>> >>> Subscription information may be found at:
>>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>>> >
>>>> >
>>>> > Blogs and organic groups at http://www.ccie.net
>>>> >
>>>> >
>>>> _______________________________________________________________________
>>>> > Subscription information may be found at:
>>>> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 03 2013 - 17:28:17 ART