10-19-2006 12:44 PM - edited 03-03-2019 02:24 PM
Hi,
using NAT with NVI, the following statement:
ip nat source static 192.168.255.2 10.0.2.2 vrf kk-C1 extendable
enables communication with the internal host 192.168.255.2 using external
IP address 10.0.2.2. The destination address 10.0.2.2 gets translated to
192.168.255.2. In the opposite direction, the traffic from 192.168.255.2
coming out to the external network is subject to translation of the source
address 192.168.255.2 to 10.0.2.2. What is important, this works in both
directions without any problem.
The following statement:
ip nat source static network 192.168.255.2 10.0.2.2 /32 vrf kk-C1 extendable
does the same thing, because it translates to the same statement as the
previous one.
However, the following statement:
ip nat source static network 192.168.255.2 10.0.2.2 /31 vrf kk-C1 extendable
as well as the following one:
ip nat source static network 192.168.255.0 10.0.2.0 /24 vrf kk-C1 extendable
behave differently.
The traffic from 192.168.255.2 coming out to the external network is OK (NAT
works in exactly the same manner as described previously). However, the
traffic coming from external network to 10.0.2.2 won't get through UNTIL
at least one packet comes in the opposite direction...
Is this a bug or feature?
I would not call this a cool feature...
I would very much appreciate any suggestions on how to configure this kind of NAT
for a bunch of internal hosts (actually, hundreds of them) without the need to
configure hundreds of ip nat statements (one for every pair of IP addresses).
Any ideas?
Regards,
Rosta
10-19-2006 01:23 PM
Rosta,
You can configure a NAT pool, like the one noted below, to assign a global address from that pool for all your inside users. But you would have no control over what global address the inside users get. If you are trying to access an inside user from outside, then you can combine the one-to-one static NAT and the NAT pool for this to work. If you combine them, then exclude the one-to-one NATted address from the NAT pool address range.
ip nat pool TEST 10.0.2.1 10.0.2.254 prefix-length 24
access-list 10 permit 192.168.255.0 0.0.0.255
ip nat inside source list 10 pool TEST vrf kk-C1
HTH
Sundar
10-19-2006 09:16 PM
Sundar,
thanks for the advice. In fact, I need the NAT for management purposes
(I need to manage devices in possibly overlapping user networks, so the
first step is to "normalize" all the addresses to a common private
address range). So, I need to have the control over what global address
the inside devices get.
I really don't want to use hundreds of one-to-one static NAT entries.
Perhaps the "NAT Routemaps Outside-to-Inside Support" feature could be the
solution:
However, I didn't find a way to configure reversible NAT together with
VRF.
Anyway, thanks for your prompt reply.
Regards,
Rosta
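
Added example, not part of the original thread: a Python generator for the per-host statement form that the first post reports as working in both directions, plus a helper that follows the second post's advice to keep statically mapped addresses out of the pool range. The function names static_nvi_statements and pool_ranges are hypothetical; the networks and VRF name in the demo are the ones from the thread.

```python
import ipaddress


def static_nvi_statements(inside_net, outside_net, vrf):
    """Return one 'ip nat source static' line per host, keeping the host offset."""
    inside = ipaddress.ip_network(inside_net)
    outside = ipaddress.ip_network(outside_net)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("inside and outside networks need the same prefix length")
    last = inside.num_addresses - 1
    lines = []
    for offset in range(inside.num_addresses):
        # Skip network and broadcast addresses, except for /31 and /32.
        if inside.prefixlen < 31 and offset in (0, last):
            continue
        lines.append(
            f"ip nat source static {inside.network_address + offset} "
            f"{outside.network_address + offset} vrf {vrf} extendable"
        )
    return lines


def pool_ranges(outside_net, reserved):
    """Split usable outside addresses into ranges that skip reserved ones."""
    net = ipaddress.ip_network(outside_net)
    taken = {ipaddress.ip_address(a) for a in reserved}
    ranges, start, prev = [], None, None
    for addr in net.hosts():
        if addr in taken:
            if start is not None:
                ranges.append((str(start), str(prev)))
                start = None
        else:
            if start is None:
                start = addr
            prev = addr
    if start is not None:
        ranges.append((str(start), str(prev)))
    return ranges


if __name__ == "__main__":
    # Networks and VRF taken from the thread.
    for line in static_nvi_statements("192.168.255.0/24", "10.0.2.0/24", "kk-C1"):
        print(line)
    print(pool_ranges("10.0.2.0/24", ["10.0.2.2"]))
```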