Sample NAT config

ip nat pool test 172.16.17.20 172.16.17.30 netmask 255.255.255.0
ip nat inside source list 1 pool test
!
int s0
 ip address 10.1.1.1 255.255.255.0
 ip nat outside
!
int e0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
int loopback 0
 ip address 172.16.17.1 255.255.255.0
!
router rip
 network 10.0.0.0
 network 172.16.0.0
!
access-list 1 permit 192.168.1.0 0.0.0.255

-----------------------------------------------------------------------------------

In this configuration why would you assign the loopback interface 172.16.17.1? Why wouldn't you advertise the 192.168.1.0 network? And last but not least, if you're NATing to a 172.16.17.20 address, how does the external host send the packet back to the serial interface when it has an address of 10.1.1.1? Wouldn't the packet have a source address of the new NATed address (172.16.17.20) and the destination of (External Host)? How does it find its way back to the S0 10.1.1.1 network?

Thanks

Reply to
Matt

-----------------------------------------------------------------------------------

Because in this example it is the interface to the "virtual network" you want to advertise to the rest of the "outside" world.

Because in this example (and that's all it is, an example) that's the "inside" network you do NOT want to advertise to the rest of the world.

Go back to the basics - yes, a packet coming back to this router will have a destination address of 172.16.17.20. But routers it passes through on its way to your router are only interested in the Layer 3 Network Address of the destination network, so they will look for a 172.16.0.0 entry on their routing tables and associated interface/next hop (or failing that a default route to forward the packet to). When the packet arrives at the router at the other end of 10.1.1.1 it's the routing table there that tells it to forward any 172.16.0.0 destined packets to 10.1.1.1 (your router). Remember IP routing is a connectionless, best effort process.

It's only when the 172.16.17.20 destined packet arrives at your router that NAT is applied and that "outside" address is mapped to the actual "inside" (192.168.1.0) network address of the host.

When many of these processes and features are described in texts and training courses you must remember to put the process into the complete internetworking context and not keep all the bits and pieces isolated.

Aubrey

Reply to
Aubrey Adams
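
The return path described in the reply above, as an added example that is not part of the original thread: a small Python model of the upstream router's route lookup followed by the NAT router's translation. The upstream router, the /16 mask on its 172.16.0.0 route, the host addresses 192.168.1.10 and 10.1.1.2, and first-free pool allocation are assumptions made for the illustration.

```python
import ipaddress

# Simplified model built from the posted config. The upstream router, the /16
# mask on its 172.16.0.0 route and first-free pool allocation are assumptions.
POOL = [ipaddress.ip_address("172.16.17.20") + i for i in range(11)]  # .20-.30
ACL_1 = ipaddress.ip_network("192.168.1.0/24")  # access-list 1
UPSTREAM_ROUTES = {  # what the router at the far end of s0 knows
    ipaddress.ip_network("10.1.1.0/24"): "connected",
    ipaddress.ip_network("172.16.0.0/16"): "via 10.1.1.1",  # learned from RIP
}

def lookup(routes, dst):
    """Longest-prefix match; None means no route (packet dropped)."""
    hits = [net for net in routes if ipaddress.ip_address(dst) in net]
    return routes[max(hits, key=lambda net: net.prefixlen)] if hits else None

class NatRouter:
    def __init__(self):
        self.table = {}  # inside local -> inside global

    def outbound(self, src, dst):
        """Inside to outside: rewrite the source if access-list 1 permits it."""
        local = ipaddress.ip_address(src)
        if local not in ACL_1:
            return src, dst
        if local not in self.table:
            free = [a for a in POOL if a not in self.table.values()]
            if not free:
                raise RuntimeError("NAT pool exhausted")
            self.table[local] = free[0]
        return str(self.table[local]), dst

    def inbound(self, src, dst):
        """Outside to inside: map the pool address back, or None if unknown."""
        for local, glob in self.table.items():
            if glob == ipaddress.ip_address(dst):
                return src, str(local)
        return None

def round_trip(inside_host, outside_host):
    """Follow one request out and its reply back through the NAT router."""
    router = NatRouter()
    sent = router.outbound(inside_host, outside_host)
    next_hop = lookup(UPSTREAM_ROUTES, sent[0])  # reply is addressed to sent[0]
    reply = router.inbound(outside_host, sent[0])
    return sent, next_hop, reply

if __name__ == "__main__":
    print(round_trip("192.168.1.10", "10.1.1.2"))  # constructed host addresses
```

The upstream table has no entry for 192.168.1.0, so a reply can only be routed because it is addressed to the advertised 172.16.17.x pool address; a packet arriving for a pool address with no existing translation is not mapped to any inside host.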

Thank you so much for your help, I took a break from doing a lot of Cisco work and now I'm coming back to it. As you can see I have been making some brain farts. Thank you again for helping me out, you answered my questions.

Matt

Reply to
Matt

You're welcome - glad to help.

One other thing I was going to mention was that many NAT examples sometimes cause confusion by always using RFC 1597 private network addresses everywhere, especially as outside addresses. I think the confusion is due in part to new students in the area thinking that all serial/WAN links are to the Internet, this is fair enough given that may be all they can relate to - however, they need to quickly realise that corporate WAN systems exist totally independent of the Internet.

btw are you the Matt who has signed up to networking-forum.com?

cheers Aubrey

Reply to
Aubrey Adams

Thanks again, and yes I am the Matt who signed to the networking-forum. I really like that site, maybe if we got a practice lab of NAT in overlapping networks this would help out. Also btw I was reading one of the labs on how to set up a router on a cable modem. What is the command to have an interface use DHCP as an IP address and in what IOS version is this a feature?

Thanks again

Matt

Reply to
Matt
