Solved: nat scenario

sarahr202 · ‎12-10-2011

Hi everybody

please consider the following:

10.0.0.0/8 .1 199.199.199.0 .2

lan-----f0/0--R1-- s0/0------------------s0/0-R2 f0/0----11.11.11.0 (lan)

.1 200.200.200.0 .2

-- s1/0-----------------s1/1 f1/1----12.12.12.0 (lan)

Let say we create static ip route on R1 as:

S 11.11.11.0/24 via 199.199.199.2 s0/0

s 12.12.12.0/24 via 200.200.200.2 s1/1

Let say we configure nat on R1 as:

int f0/0

ip nat inside

int s0/0

ip natoutside

ip nat inside source list sarah interface s0/0 overload.

ip access-list extended sarah

permit ip 10.0.0.0 0.255.255.255 host 12.12.12.1

Let say a host 10.10.10.1 on 10.0.0.0/8 wants to send a packet to 12.12.12.1

Will R1 perforrm NAT?

My understanding is when R1 receives the packet, it will look up the destination ip ( 12.12.12.1) in routing table. Since routing table dictates this packet be sent via s1/1 to next hop 200.200.200.2 and there is no nat command (ip nat outside)configure under s1/1,R1 just simply forwards the packet without performing nat.

In short, R1 will only perform nat once the routing table look-up dictates s0/0 be used to forward those packets and they are matched by access-list sarah.

Is my understanding correct?

Thanks and have a great weekend

Marwan ALshawi · ‎12-11-2011

Your correct

Route lookup performed before nating with ip nat inside hence the exit interface selected before nat being performed

Hope this help

If helpful rate

View solution in original post

Marwan ALshawi · ‎12-11-2011

Your correct

Route lookup performed before nating with ip nat inside hence the exit interface selected before nat being performed

Hope this help

If helpful rate

Kishore Chennupati · ‎12-11-2011

---msg deleted as incorrectly tested.

You and Marwan are right. In my deleted post my static route was using the 199.199.199.0 as exit interface and not 200.200.200.0 hence it was still NATing

R1#ping 12.12.12.1 source gi1/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.1

*Dec 11 21:33:19.015: IP: s=10.1.1.1 (local), d=12.12.12.1, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0

*Dec 11 21:33:19.015: IP: tableid=0, s=10.1.1.1 (local), d=12.12.12.1 (GigabitEthernet3/0), routed via RIB

*Dec 11 21:33:19.015: IP: s=10.1.1.1 (local), d=12.12.12.1 (GigabitEthernet3/0), len 100, sending

*Dec 11 21:33:19.019: IP: s=10.1.1.1 (local), d=12.12.12.1 (GigabitEthernet3/0), len 100, sending full packet.

*Dec 11 21:33:21.015: IP: s=10.1.1.1 (local), d=12.12.12.1, len 100, local feature, NAT(2), rtype 0, forus FALSE, sendself FALSE, mtu 0

*Dec 11 21:33:21.015: IP: tableid=0, s=10.1.1.1 (local), d=12.12.12.1 (GigabitEthernet3/0), routed via RIB

*Dec 11 21:33:21.019: IP: s=10.1.1.1 (local), d=12.12.12.1 (GigabitEthernet3/0), len 100, sending

*Dec 11 21:33:21.019: IP: s=10.1.1.1 (local), d=12.12.12.1 (GigabitEthernet3/0), len 100, sending full packet.

*Dec 11 21:33:23.015: IP: s=10.1.1.1 (local), d=12.12.12.1, len 100, local feature, NAT(2), rtype 0, forus FALSE, s

HTH,

Kishore