Buenos dias a todos,
(best regard to everybody)
Tenemos un router 2801 y deseamos natear varios segmentos de red.
(we have a 2801 router and we wish to nat many network segments)
Estos segmentos de red los estamos separando con access-list e ingresandolos a un route-map en particular.
(this network segments are being separated with access-list and putted them in an specific route-map).
Luego definimos, un nat pool especifico para cada segmento y luego aplicamos el nateo.
(then we define an specific pool nat for each network segement and then we aplly nat).
Pueden indicarnos, si es permitido usar varios nat pool y varios segmentos a natear y cual es el numero maximo permitido?
(can you tell us if is allowed the use of many nat pool and many network segment and which is the maximum number allowed?)
Adjunto la configuracion (ejemplo) que estamos usando:
(we add the configuration used:)
interface FastEthernet0/0
ip address 10.91.1.1 255.255.0.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.183.200.2 255.255.0.0
ip nat inside
ip policy route-map NO_NAVEGA
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.91.1.2
ip route 10.183.0.0 255.255.0.0 10.183.200.1
!
ip http server
ip nat pool AG_1 10.91.111.1 10.91.111.254 netmask 255.255.255.0
ip nat pool AG_2 10.91.121.1 10.91.121.254 netmask 255.255.255.0
ip nat inside source route-map NAVEGA_AG1 pool AG_1 reversible
ip nat inside source route-map NAVEGA_AG2 pool AG_2 reversible
!
ip access-list extended AG_1
deny ip 10.183.111.0 0.0.0.255 10.1.0.0 0.0.255.255
deny ip 10.1.0.0 0.0.255.255 10.183.111.0 0.0.0.255
deny ip 10.183.111.0 0.0.0.255 10.72.0.0 0.0.255.255
deny ip 10.72.0.0 0.0.255.255 10.183.111.0 0.0.0.255
permit ip any any
ip access-list extended AG_11
permit ip 10.183.0.0 0.0.0.255 10.1.0.0 0.0.255.255
permit ip 10.1.0.0 0.0.255.255 10.183.0.0 0.0.255.255
permit ip 10.183.0.0 0.0.255.255 10.72.0.0 0.0.255.255
permit ip 10.72.0.0 0.0.255.255 10.183.0.0 0.0.255.255
ip access-list extended AG_2
deny ip 10.183.121.0 0.0.0.255 10.1.0.0 0.0.255.255
deny ip 10.1.0.0 0.0.255.255 10.183.121.0 0.0.0.255
deny ip 10.183.121.0 0.0.0.255 10.72.0.0 0.0.255.255
deny ip 10.72.0.0 0.0.255.255 10.183.121.0 0.0.0.255
permit ip any any
!
route-map NO_NAVEGA permit 10
match ip address AG_11
set ip next-hop 10.91.1.2
!
route-map NAVEGA_AG2 permit 10
match ip address AG_2
!
route-map NAVEGA_AG1 permit 10
match ip address AG_1
!
!
NOta:
el trafico que no es nateado es separado con el access-list: extended AG_11 y puesto en el route-map: NO_NAVEGA para luego ser enrrutado hacia otro router: 10.91.1.2
(the traffic that is not natted is separated with access-list: extended AG_11 and putted into route-map: NO_NAVEGA and then forwarder to 10.91.1.2.
Thanking you in advance.