CCIE?
15 years 8 months ago #29612
by Chicago_Techie
CCIE? was created by Chicago_Techie
Are there any CCNPs or CCIEs on board that I might be able to talk to?
Thanks!
15 years 8 months ago #29619
by Chicago_Techie
Replied by Chicago_Techie on topic Re: CCIE?
I posed a question back on 3/4/09 regarding a NAT problem I'm having. I think I'm really close to figuring it out but I need that "last bit of assistance."
I am trying to policy NAT but I think my ACL is causing problems. I keep getting mixed translations in my translation table. I would like to talk to someone about specifics if possible.
Here's my original post:
www.firewall.cx/ftopict-6259.html
15 years 8 months ago #29621
by Elohim
Please post your config.... what you want can be done in about 10 command line inputs.
15 years 7 months ago #30083
by Chicago_Techie
Replied by Chicago_Techie on topic Thought I'd update
So I finally figured out how to multi-home NAT. I thought I'd share. It works and is in production! I'm only posting the relevant parts of the config. (Keep in mind that the interfaces need to be configured for NAT inside/outside depending on your situation.)
The IPs in this example are made up.....
Enjoy!
ip nat pool NAT-TO-COMPANYX 10.111.75.72 10.111.75.94 netmask 255.255.255.224
ip nat pool NAT-TO-INTERNET 69.10.7.43 69.10.7.43 netmask 255.255.255.248
ip nat inside source route-map TO-COMPANYX pool NAT-TO-COMPANYX
ip nat inside source route-map TO-INTERNET pool NAT-TO-INTERNET overload
route-map TO-INTERNET permit 10
 match ip address 102
 set ip next-hop 56.33.30.21
!
route-map TO-COMPANYX permit 10
 match ip address 101
 set ip next-hop 10.3.4.1
access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x network you need to hit}
access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x network you need to hit}
access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x network you need to hit}
access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x 0.255.255.255
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 permit ip 192.168.17.0 0.0.0.255 any {permit everything else out towards the internet}
This configuration sets up policy NAT'ing so that you can NAT towards two different sites, be it 2 ISPs or 1 ISP and 1 private company, etc.
Remember I just plopped in numbers for IP addresses above. Some may not even fit in the bit boundary listed. I just picked any old numbers.
Hope this is useful for someone.
Remember.....NETWORKING ROCKS!
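Added example (not part of Chicago_Techie's post or config): a small Python check of why ACL 102 repeats the ACL 101 destinations as deny lines. It models only first-match ACL evaluation for the two NAT statements; the 172.20.0.0/16 partner network, the sample flows and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed ACLs in the post's shape. 172.20.0.0/16 stands in for the
# "{company x network}" placeholder and is an assumption, not from the post.
GOOD = """
access-list 101 permit ip 192.168.17.0 0.0.0.255 172.20.0.0 0.0.255.255
access-list 102 deny ip 192.168.17.0 0.0.0.255 172.20.0.0 0.0.255.255
access-list 102 permit ip 192.168.17.0 0.0.0.255 any
"""
# Same ACLs with ACL 102's deny line left out.
BAD = "\n".join(l for l in GOOD.splitlines() if " deny " not in l)
# NAT statements in configuration order: (ACL its route-map matches, pool).
NAT_RULES = [("101", "NAT-TO-COMPANYX"), ("102", "NAT-TO-INTERNET")]
# Constructed flows: one partner-bound, one internet-bound.
FLOWS = [("192.168.17.25", "172.20.4.9"), ("192.168.17.25", "198.51.100.10")]

def net(addr, wildcard):
    # ipaddress accepts a Cisco-style wildcard as a host mask.
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)

def parse_acls(text):
    acls = {}
    for line in text.splitlines():
        f = line.split()
        if f[:1] != ["access-list"] or len(f) < (7 if f[-1] == "any" else 8):
            continue  # skip blank or incomplete lines
        dst = ipaddress.ip_network("0.0.0.0/0") if f[6] == "any" else net(f[6], f[7])
        acls.setdefault(f[1], []).append((f[2], net(f[4], f[5]), dst))
    return acls

def acl_permits(entries, src, dst):
    # First matching entry wins; no match at all is the implicit deny.
    for action, s, d in entries:
        if src in s and dst in d:
            return action == "permit"
    return False

def candidate_pools(acls, src, dst):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [pool for acl, pool in NAT_RULES if acl_permits(acls.get(acl, []), src, dst)]

def audit(acl_text, flows):
    """Flows that more than one NAT statement would accept, with the pools."""
    acls = parse_acls(acl_text)
    found = {f: candidate_pools(acls, *f) for f in flows}
    return {f: p for f, p in found.items() if len(p) > 1}

if __name__ == "__main__":
    print("with deny:", audit(GOOD, FLOWS), "| without deny:", audit(BAD, FLOWS))
```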