NAT Virtual Interface

October 25, 2008 at 9:20 pm | In IP Services, NAT

IEWB1 Ver5 Task 13.29

Configure NAT on R5 without using any ip nat inside or ip nat outside command, so that traffic sourced from VLAN8 on SW2 is seen as being sourced from 155.1.188.0/24.

Configuration

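R5#
! NVI: NAT is enabled per interface, with no inside/outside designation
int e0/0
 ip nat enable
int s0/0
 ip nat enable
int s0/1
 ip nat enable
! Advertise the static route that add-route creates for the pool
router rip
 redistribute static metric 1

! add-route installs a route for the pool toward the NVI interface
ip nat pool NET188 155.1.188.1 155.1.188.254 netmask 255.255.255.0 add-route
ip nat source list VLAN8 pool NET188
!
!
ip access-list standard VLAN8
 permit 155.1.8.0 0.0.0.255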

Verification

Rack1SW2#ping 155.1.45.4 source vlan8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.45.4, timeout is 2 seconds:
Packet sent with a source address of 155.1.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 42/47/51 ms

Rack1R5#sh ip nat tran
Pro Inside global      Inside local       Outside local      Outside global
Rack1R5#sh ip nat ?
  nvi           NVI information
  statistics    Translation statistics
  translations  Translation entries
Rack1R5#sh ip nat nvi translation
Pro Source global      Source local       Destin  local      Destin  global
--- 155.1.188.1        155.1.8.8          ---                ---

 

Doc CD Navigation

  • Cisco IOS IP Addressing Services Configuration Guide, Release 12.4
  • Part 6: NAT
  • Configuring NAT for IP Address Conservation
  • How to Configure NAT for IP Address Conservation
  • Configuring the NAT Virtual Interface

TCP Load Distribution with NAT

October 25, 2008 at 1:03 pm | In IP Services, NAT

IEWB1 Vol5 Task 13.26

Configure R5 so that when SW2 telnets to the IP address 155.1.58.55, the connection is redirected to R1, R2 and R4 in an even distribution.

R5#

ip nat pool SERVERS netmask 255.255.255.0 type rotary
 address 155.1.0.1 155.1.0.2
 address 155.1.0.4 155.1.0.4
ip nat inside destination list TELNET pool SERVERS
!
!
ip access-list extended TELNET
 permit tcp any host 155.1.58.55 eq telnet

Rack1SW2#
ip route 155.1.58.55 255.255.255.255 155.1.58.5

Alternatively, we can replace the static route on SW2 with an ip alias command on R5:

Rack1R5(config)#ip alias ?
  A.B.C.D  IP address to alias to a port

Rack1R5(config)#ip alias 155.1.58.55 ?
  <0-65535>  IP port number

Rack1R5(config)#ip alias 155.1.58.55 23

Verification from SW2

Rack1SW2#telnet 155.1.58.55
Trying 155.1.58.55 ... Open

Rack1R1#exit

[Connection to 155.1.58.55 closed by foreign host]
Rack1SW2#telnet 155.1.58.55
Trying 155.1.58.55 ... Open

Rack1R2#exit

[Connection to 155.1.58.55 closed by foreign host]
Rack1SW2#telnet 155.1.58.55
Trying 155.1.58.55 ... Open

Rack1R4#exit

[Connection to 155.1.58.55 closed by foreign host]
Rack1SW2#telnet 155.1.58.55
Trying 155.1.58.55 ... Open

Rack1R1#exit

NAT for overlapping networks

October 25, 2008 at 11:36 am | In IP Services, NAT

IEWB1 v5 Task 13.25

R1 and R2 both have a new Loopback1 interface with an IP address in 10.0.0.0/24. Configure R1 so that R2 can access R1's loopback using an IP address in 11.0.0.0/24, while traffic from R2 appears to R1 as coming from the 22.0.0.0/24 subnet.

Configuration

Rack1R1#sh run | in interface|nat|ip route

interface Loopback1
 ip add 10.0.0.1 255.255.255.0
 ip nat inside
interface Serial0/0
 ip nat outside
interface Serial0/1
 ip nat outside

router rip
 network 11.0.0.0

ip route 11.0.0.0 255.255.255.0 Null0
ip route 22.0.0.0 255.255.255.0 Serial0/1

ip nat pool R2_LOOP1_POOL 22.0.0.1 22.0.0.254 prefix-length 24
ip nat inside source static network 10.0.0.0 11.0.0.0 /24
ip nat outside source list R2_LOOP1_REAL pool R2_LOOP1_POOL

 

Debugging

Sample debug output when the pool name in the NAT statement is mistyped (R2_LOO1_POOL instead of R2_LOOP1_POOL):
ip nat outside source list R2_LOOP1_REAL pool R2_LOO1_POOL
Rack1R1#debug ip nat detailed

*Mar  1 01:12:35.771: NAT: alloc — pool R2_LOO1_POOL not found
*Mar  1 01:12:35.775: NAT: failed to allocate address for 10.0.0.2, list/map R2_LOOP1_REAL
*Mar  1 01:12:35.775: NAT*: o: icmp (10.0.0.2, 11) -> (11.0.0.1, 11) [44]    
*Mar  1 01:12:35.775: NAT*: o: icmp (10.0.0.2, 11) -> (11.0.0.1, 11) [44]
*Mar  1 01:12:35.775: NAT*: s=10.0.0.2, d=11.0.0.1->10.0.0.1 [44]
*Mar  1 01:12:35.775: NAT: alloc — pool R2_LOO1_POOL not found
*Mar  1 01:12:35.779: NAT: failed to allocate address for 10.0.0.1, list/map R2_LOOP1_REAL
*Mar  1 01:12:35.779: NAT: translation failed (L), dropping packet s=10.0.0.1 d=10.0.0.2
no ip nat outside source list R2_LOOP1_REAL pool R2_LOO1_POOL
ip nat outside source list R2_LOOP1_REAL pool R2_LOOP1_POOL

Rack1R1#
*Mar  1 01:17:36.987: NAT*: o: icmp (10.0.0.2, 13) -> (11.0.0.1, 13) [46]    
*Mar  1 01:17:36.987: NAT*: o: icmp (10.0.0.2, 13) -> (11.0.0.1, 13) [46]
*Mar  1 01:17:36.991: NAT*: s=10.0.0.2->22.0.0.1, d=11.0.0.1 [46]
*Mar  1 01:17:36.991: NAT*: s=22.0.0.1, d=11.0.0.1->10.0.0.1 [46]
*Mar  1 01:17:36.991: NAT: i: icmp (10.0.0.1, 13) -> (22.0.0.1, 13) [46]    
*Mar  1 01:17:36.991: NAT: s=10.0.0.1->11.0.0.1, d=22.0.0.1 [46]
*Mar  1 01:17:36.991: NAT: s=11.0.0.1, d=22.0.0.1->10.0.0.2 [46]

Doc CD Navigation

  • Cisco IOS IP Addressing Services Configuration Guide, Release 12.4
  • Part 6: NAT
  • Configuring NAT for IP Address Conservation
  • Configuration Examples for Configuring NAT for IP Address Conservation
  • Allowing Overlapping Networks to Communicate Using NAT

 or

  • Translating Overlapping Address: Example
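
The mistyped pool name in the Debugging section only shows up at run time, as dropped packets in the debug output. The following Python check, an added example that is not part of the original post, cross-references every pool and access list named in a NAT rule against its definition before the config is applied; it also accepts the NVI and rotary forms used in the other two tasks. The R2_LOOP1_REAL access-list body in the sample is an assumption, since the post does not show it.

```python
import difflib
import re

POOL_DEF = re.compile(r"^ip nat pool (\S+)", re.M)
ACL_DEF = re.compile(
    r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )", re.M)
# Legacy "ip nat inside|outside source|destination list X pool Y" and the
# NVI form "ip nat source list X pool Y". Route-map rules are not covered.
RULE = re.compile(
    r"^ip nat (?:(?:inside|outside) )?(?:source|destination) "
    r"list (\S+) pool (\S+)", re.M)


def closest(name, known):
    """Return the most similar defined name, or None."""
    match = difflib.get_close_matches(name, sorted(known), n=1)
    return match[0] if match else None


def lint_nat(config):
    """Return (kind, name, suggestion) findings for dangling NAT references."""
    pools = set(POOL_DEF.findall(config))
    acls = {named or numbered for named, numbered in ACL_DEF.findall(config)}
    used, findings = set(), []
    for acl, pool in RULE.findall(config):
        used.add(pool)
        if pool not in pools:
            findings.append(("undefined-pool", pool, closest(pool, pools)))
        if acl not in acls:
            findings.append(("undefined-acl", acl, closest(acl, acls)))
    findings += [("unused-pool", p, None) for p in sorted(pools - used)]
    return findings


# Constructed input: R1's NAT lines from the post with the mistyped pool name.
# The R2_LOOP1_REAL ACL body is an assumption; the post does not show it.
R1_TYPO = """\
ip nat pool R2_LOOP1_POOL 22.0.0.1 22.0.0.254 prefix-length 24
ip nat inside source static network 10.0.0.0 11.0.0.0 /24
ip nat outside source list R2_LOOP1_REAL pool R2_LOO1_POOL
ip access-list standard R2_LOOP1_REAL
 permit 10.0.0.0 0.0.0.255
"""
R1_FIXED = R1_TYPO.replace("R2_LOO1_POOL", "R2_LOOP1_POOL")

if __name__ == "__main__":
    for finding in lint_nat(R1_TYPO):
        print(finding)
```

A pool that is referenced but undefined paired with a near-identical pool that is defined but unused is the signature of the typo shown in the debug output.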
