Skip to main content

CCIE?

More
15 years 9 months ago #29612 by Chicago_Techie
CCIE? was created by Chicago_Techie
Are there any CCNP or CCIE's on board that I might be able to talk to?

Thanks!
More
15 years 9 months ago #29613 by Chojin
Replied by Chojin on topic Re: CCIE?
What u wanna know?

CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
More
15 years 9 months ago #29619 by Chicago_Techie
Replied by Chicago_Techie on topic Re: CCIE?
I posed a question back on 3/4/09 regarding a NAT problem I'm having. I think I'm really close to figuring it out but I need that "last bit of assistance."

I am trying to policy nat but I think my ACL is causing problems. I keep getting mixed translations in my translation table. I would like to talk to someone about specifics if possible.

Here's my original post:

www.firewall.cx/ftopict-6259.html
More
15 years 9 months ago #29621 by Elohim
Replied by Elohim on topic Re: CCIE?
Please post your config.... what you want can be done in about 10 command line inputs.

I posed a question back on 3/4/09 regarding a NAT problem I'm having. I think I'm really close to figuring it out but I need that "last bit of assistance."

I am trying to policy nat but I think my ACL is causing problems. I keep getting mixed translations in my translation table. I would like to talk to someone about specifics if possible.

Here's my original post:

www.firewall.cx/ftopict-6259.html

More
15 years 8 months ago #30083 by Chicago_Techie
Replied by Chicago_Techie on topic Thought I'd update
So I finally figured out how to Multi home NAT. I thought I'd share. It works and is in production! I'm only posting the relevant parts of the config. (keep in mind that the interfaces need to be configured for NAT inside/outside depending on your situation.)
The IP's in this example are made up.....

Enjoy!

ip nat pool NAT-TO-COMPANYX 10.111.75.72 10.111.75.94 netmask 255.255.255.224
ip nat pool NAT-TO-INTERNET 69.10.7.43 69.10.7.43 netmask 255.255.255.248
ip nat inside source route-map TO-COMPANYX pool NAT-TO-COMPANYX
ip nat inside source route-map TO-INTERNET pool NAT-TO-INTERNET overload

route-map TO-INTERNET permit 10
match ip address 102
set ip next-hop 56.33.30.21
!
route-map TO-COMPANYX permit 10
match ip address 101
set ip next-hop 10.3.4.1

access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x network you need to hit}
access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x network you need to hit}
access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x network you need to hit}
access-list 101 permit ip 192.168.17.0 0.0.0.255 {company x 0.255.255.255
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 deny ip 192.168.17.0 0.0.0.255 {company x network from acl 101 above}
access-list 102 permit ip 192.168.17.0 0.0.0.255 any {permit everything else out towards the internet}

This configuration sets up policy NAT'ing so that you can NAT towards two different sites be it 2 ISP's or 1 ISP and 1 private company ect..

Remember I just plopped in numbers for IP Addresses above. Some may not even fit in the bit boundry listed. I just picked any old numbers.

Hope this is useful for someone.
Remember.....NETWORKING ROCKS!
Time to create page: 0.133 seconds