From: CK on

> The Virtual NAT option just seemed like a very clean way to connect to
> the ISP without having to worry about affecting any other interface or
> function of the router (some of which are not under my jurisdiction).
> I am just having trouble grasping exactly what the options do,
> particularly how the access list comes into play when I simply want to
> allow full access from any connected network. Also the definition of
> vrf is unclear.


Virtual Interface is nothing but assigning multiple IPs to an
interface. The primary IP will be recognised and the secondary IP is virtually
working on the same interface. Like in the case of VLAN topology, we can't have
multiple IPs on a single interface by creating subinterfaces.

Maybe it helps:
http://www.gurulabs.com/goodies/routeronastick.php


CK

From: sphealey on
> Virtual Interface is nothing but assigning multiple IPs to an
> interface. The primary IP will be recognised and the secondary IP is virtually
> working on the same interface. Like in the case of VLAN topology, we can't have
> multiple IPs on a single interface by creating subinterfaces.

Are you sure this is the same thing as Virtual NAT, which is a new
feature under 12.3T? The examples in the Cisco document "Configuring
NAT for IP Address Conservation" do not use more than one IP on the
NAT'd interface, although they do apply a NAT pool to that interface.

Quoting: "The NAT Virtual Interface (NVI) feature removes the
requirement to configure an interface as either NAT inside or NAT
outside".

sPh

From: CK on

> Are you sure this is the same thing as Virtual NAT, which is a new
> feature under 12.3T? The examples in the Cisco document "Configuring
> NAT for IP Address Conservation" do not use more than one IP on the
> NAT'd interface, although they do apply a NAT pool to that interface.
>
> Quoting: "The NAT Virtual Interface (NVI) feature removes the
> requirement to configure an interface as either NAT inside or NAT
> outside".

Virtual Interface is different from Virtual NAT.

Go through the Cisco router handbook available on Cisco.com for brief
specifications for both.


CK

From: Bod43 on

CK wrote:
> > Are you sure this is the same thing as Virtual NAT, which is a new
> > feature under 12.3T? The examples in the Cisco document "Configuring
> > NAT for IP Address Conservation" do not use more than one IP on the
> > NAT'd interface, although they do apply a NAT pool to that interface.
> >
> > Quoting: "The NAT Virtual Interface (NVI) feature removes the
> > requirement to configure an interface as either NAT inside or NAT
> > outside".
>
> Virtual Interface is different from Virtual NAT.
>
> Go through the Cisco router handbook available on Cisco.com for brief
> specifications for both.

To the OP:-

You should use ip nat inside, ip nat outside.

The reason is that there are hundreds of examples and documents
available, and years of experience with it.

"ip nat enable" is barely documented, I can find only one
example on cisco.com which is more complex than I need or want
(uses vrf) and is not complete. As you can see no one here is
willing/able to assist whereas there is help available with
conventional cisco NAT.

I have been trying to get it working today and I am not able to
so far.

int dialer 1
 ip nat enable
ip nat source list ACL.nat interface Dialer1 overload

When I add, yes add, don't need to take anything out
NAT comes to life.

int dialer 1
 ip nat outside

int eth 0
 ip nat inside

ip nat inside source list ACL.nat interface Dialer1 overload

c837-k9o3sy6-mz.124-8.bin

From: Bod43 on

Bod43(a)hotmail.co.uk wrote:
> CK wrote:
> > > Are you sure this is the same thing as Virtual NAT, which is a new
> > > feature under 12.3T? The examples in the Cisco document "Configuring
> > > NAT for IP Address Conservation" do not use more than one IP on the
> > > NAT'd interface, although they do apply a NAT pool to that interface.
> > >
> > > Quoting: "The NAT Virtual Interface (NVI) feature removes the
> > > requirement to configure an interface as either NAT inside or NAT
> > > outside".
> >
> > Virtual Interface is different from Virtual NAT.
> >
> > Go through the Cisco router handbook available on Cisco.com for brief
> > specifications for both.
>
> To the OP:-
>
> You should use ip nat inside, ip nat outside.
>
> The reason is that there are hundreds of examples and documents
> available, and years of experience with it.
>
> "ip nat enable" is barely documented, I can find only one
> example on cisco.com which is more complex than I need or want
> (uses vrf) and is not complete. As you can see no one here is
> willing/able to assist whereas there is help available with
> conventional cisco NAT.
>
> I have been trying to get it working today and I am not able to
> so far.
>
> int dialer 1
> ip nat enable
> ip nat source list ACL.nat interface Dialer1 overload
>
> When I add, yes add, don't need to take anything out
> NAT comes to life.
>
> int dialer 1
> ip nat outside
>
> int eth 0
> ip nat inside
>
> ip nat inside source list ACL.nat interface Dialer1 overload
>
> c837-k9o3sy6-mz.124-8.bin

Well!

I have had a go with

c850-advsecurityk9-mz.124-6.T.bin

It seems to work there.

I have not tested it properly but by faking up some stuff
it seems to do what is expected.

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip nat enable

interface BVI1
 ip address 10.3.3.2 255.255.255.0

ip nat source list ACL.nat.test interface Loopback0 overload

HR#sh ip nat tr

HR#sh ip nat nvi tr

HR#

HR#ping 1.1.1.2 source bvi 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.3.3.2
......
Success rate is 0 percent (0/5)
HR#sh ip nat tr
Pro Inside global      Inside local       Outside local      Outside global
HR#sh ip nat nvi tr
Pro Source global      Source local       Destin local       Destin global
icmp 1.1.1.1:6         10.3.3.2:6         1.1.1.2:6          1.1.1.2:6
HR#

So:-

Back to the OP's issue.

I recommend sticking to the inside/outside thing. It is only one
extra line after all and the previous reasons given are valid.

ip nat enable is very new and I would not recommend it
unless you needed it.

If you insisted on using it you could try an IOS update.

I will try researching the supported IOS if I can
figure out the Feature to look for.
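
The two configuration styles compared in this thread, side by side, as an added example that is not from any of the posters. ACL.nat, Ethernet0 and Dialer1 are the names used in the posts; the ACL contents and the 10.3.3.0/24 LAN range are assumptions.

```cisco
! Added example, not from the thread. ACL.nat, Ethernet0 and Dialer1 are the
! names used in the posts; the 10.3.3.0/24 LAN range is an assumption.
!
! The ACL only selects which source addresses get translated; it does not
! filter traffic. Add one permit line per connected network to be NATed.
ip access-list standard ACL.nat
 permit 10.3.3.0 0.0.0.255
!
! --- Style 1: classic inside/outside NAT ---
interface Ethernet0
 ip nat inside
interface Dialer1
 ip nat outside
ip nat inside source list ACL.nat interface Dialer1 overload
! Check with: show ip nat translations
!
! --- Style 2: NAT Virtual Interface (NVI) ---
! No inside/outside roles; "ip nat enable" goes on every interface whose
! traffic takes part in translation, LAN side included.
interface Ethernet0
 ip nat enable
interface Dialer1
 ip nat enable
ip nat source list ACL.nat interface Dialer1 overload
! Check with: show ip nat nvi translations
```

The two styles are alternatives, not one configuration to paste as a whole; each keeps its own translation table, which is why the test output above shows an entry under `sh ip nat nvi tr` and none under `sh ip nat tr`.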