NAT concerns on existing ethernet interface

cayce
Level 1

I need to run NAT on my AS5200 to translate some private IPs in the 10.0.1.0 range. From the Cisco docs available, I am not sure what will happen to traffic on my existing ethernet interface if I put the IP nat access lists on it. An example set-up from Cisco gives the following:

interface ethernet 1
 ip address 10.10.20.1 255.255.255.0
 ip nat inside

interface serial 0
 ip address 172.16.10.64 255.255.255.0
 ip nat outside

ip nat pool ovrld 172.16.10.1 172.16.10.1 prefix 24

ip nat inside source list 7 pool ovrld overload

access-list 7 permit 10.10.10.0 0.0.0.31

access-list 7 permit 10.10.20.0 0.0.0.31

I'd like to do the following:

NAT any ip in 10.0.1.0 255.255.255.0 range to just one real IP in my class C.

All private IPs are currently routed to one IP in my Class C (the ethernet interface on a 2nd router)

What kind of NAT commands do I need to set up so my current traffic isn't affected and I only NAT the private IPs?

1 Reply

brianreid_tampa
Level 1

Cayce,

The access lists that are referenced in the NAT statement do not interfere with / modify the traffic that crosses the Ethernet interface. Rather, they are used only to identify the traffic. In your example, traffic originating from 10.10.10.0 /27 and 10.10.20.0 /27 would be translated as it passed from E1 to S0. Traffic passing from E1 to S0 originating outside of the access-list ranges would not be translated, yet would still be routed/forwarded.

The example looks like a good template for your situation; just modify the access-list appropriately. If you decided that you did not want to burn a 24-bit network on the serial link, it is possible to utilize the existing Serial address as the translation address, which would allow you to modify subnet masks to a smaller subnet if appropriate.

Regards
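
The selection behaviour described in the reply above, as an added example that is not part of the original thread or of Cisco's documentation: a small Python model of how a standard access list with wildcard masks decides which inside source addresses a NAT rule translates. The `ASKER_ACL` line for the 10.0.1.0 255.255.255.0 range is an assumption, as are the function names and the sample addresses.

```python
import ipaddress

# Access list 7 exactly as quoted in the question (Cisco's sample set-up).
CISCO_EXAMPLE_ACL = """\
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
"""

# Assumption: a one-line list covering the asker's 10.0.1.0 255.255.255.0 range.
ASKER_ACL = "access-list 7 permit 10.0.1.0 0.0.0.255\n"


def parse_standard_acl(text, number):
    """Return [(action, base, wildcard)] from 'access-list N permit|deny addr wildcard' lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "access-list" or parts[1] != str(number):
            continue  # not a standard entry of the list we were asked for
        action, base, wildcard = parts[2:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        entries.append((action,
                        int(ipaddress.IPv4Address(base)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries


def nat_decision(acl, source):
    """First matching entry wins; no match falls through to the implicit deny.

    For a NAT source list, 'deny' only means 'not selected for translation':
    the packet is still routed, provided a route exists.
    """
    src = int(ipaddress.IPv4Address(source))
    for action, base, wildcard in acl:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (base & care):
            return "translate" if action == "permit" else "forward untranslated"
    return "forward untranslated"


if __name__ == "__main__":
    acl = parse_standard_acl(ASKER_ACL, 7)
    # Constructed sample sources: one private host, two outside the list.
    for host in ("10.0.1.200", "10.0.2.1", "192.0.2.10"):
        print(f"{host:<12} {nat_decision(acl, host)}")
```

Running the same check against the list as actually configured, before enabling `ip nat inside` on a production interface, confirms that only the intended private range is selected for translation.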