
NAT Statement

jvanooteghem
Level 1

Could someone explain the purpose of the nat outside statement on the BVI1 interface in this config, when there is already a nat inside on E1?

no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
no logging buffered
no logging console
no logging monitor
no logging on
!
ip subnet-zero
ip name-server 10.4.1.1
ip name-server x.x.x.x
ip name-server x.x.x.x
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
bridge irb
!
!
interface Ethernet0
 ip address 10.4.1.99 255.224.0.0
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 0/35
  encapsulation aal5snap
 !
 dsl operating-mode itu-dmt
 bridge-group 1
 hold-queue 224 in
!
interface BVI1
 ip address dhcp client-id Ethernet0
 ip access-group 111 in
 ip nat outside
 ip inspect myfw out
!
ip nat inside source list 102 interface BVI1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 BVI1
no ip http server
!
!
no logging trap
logging source-interface Ethernet0
logging 10.4.1.98
access-list 23 permit 10.0.0.0 0.31.255.255
access-list 30 permit 10.4.1.2
access-list 102 permit ip 10.0.0.0 0.31.255.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 deny icmp any any redirect
access-list 111 deny ip any any
no cdp run
snmp-server community xxxxxxx RO 30
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 exec-timeout 120 0
 stopbits 1
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 password 7 123456789
 login
 length 0
!


rwiesmann
Level 4

Hi

NAT is configured on the router at the border of a stub domain (referred to as the inside network) and a public network such as the Internet (referred to as the outside network). NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network.

So somehow you have to decide from which side you want to translate addresses.

So the inside command marks the interface connected to the inside, and the outside command marks the interface connected to the outside.

Hope that helps

Roger
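
An added example, not part of the original thread and not Cisco code: a small Python model of the posted rule `ip nat inside source list 102 interface BVI1 overload`, showing that a packet is translated only when it enters on an `ip nat inside` interface, leaves on an `ip nat outside` interface, and its source matches access-list 102. The BVI1 address 203.0.113.10, the class and function names, and the sequential port allocation are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (b & keep)

class PatRouter:
    """Simplified model of 'ip nat inside source list <acl> interface <if> overload'."""
    def __init__(self, roles, acl, outside_ip):
        self.roles = roles            # interface name -> "inside" / "outside"
        self.acl = acl                # (base, wildcard) of access-list 102
        self.outside_ip = outside_ip  # BVI1's DHCP address (constructed value)
        self.table = {}               # global port -> (inside ip, inside port)
        self.next_port = 1024         # simplification: ports handed out in sequence

    def outbound(self, in_if, out_if, src, sport):
        """Return the (source ip, source port) the packet leaves the router with."""
        crosses = (self.roles.get(in_if) == "inside"
                   and self.roles.get(out_if) == "outside")
        if crosses and wildcard_match(src, *self.acl):
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[port] = (src, sport)
            return (self.outside_ip, port)
        return (src, sport)           # not eligible: leaves untranslated

    def inbound(self, in_if, dport):
        """Map a reply back to the inside host, or None if no entry applies."""
        if self.roles.get(in_if) != "outside":
            return None
        return self.table.get(dport)

ACL_102 = ("10.0.0.0", "0.31.255.255")   # from the posted config
BVI1_IP = "203.0.113.10"                  # constructed sample address

def demo():
    both = PatRouter({"Ethernet0": "inside", "BVI1": "outside"}, ACL_102, BVI1_IP)
    inside_only = PatRouter({"Ethernet0": "inside"}, ACL_102, BVI1_IP)
    return {
        "both_roles": both.outbound("Ethernet0", "BVI1", "10.4.1.2", 40000),
        "reply": both.inbound("BVI1", 1024),
        "no_outside": inside_only.outbound("Ethernet0", "BVI1", "10.4.1.2", 40000),
        "acl_miss": both.outbound("Ethernet0", "BVI1", "10.64.0.1", 40000),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:11} -> {result}")
```

With `ip nat outside` missing from BVI1, the packet leaves with its private 10.x source address and no translation entry is created, so replies have nothing to map back to.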
