Hi all,
is it possible to hide a lot (think Internet) of public IP addresses with NAT on an IOS device? By hide I mean translate to the RFC1918 namespace.
The logical construct would be:
ip nat outside source...
but this isn't suited to many out...
I have this running with the router as in the initiator (one interface is behind CGNAT).You might need to set the StrongSwan traffic selectors manually:connections.conn.children.child.local_ts = 0.0.0.0/0connections.conn.children.child.remote_ts = 0....
Hi Jon,
When you say it's possible, do you mean the way I've already described (and discounted)? Or some other way?
What I'm trying to achieve is the hiding of a subset of the public address namespace using the private address namespace. I unde...
Hi,
old reply I know. The MACs are there - they are the last 6 digits in the oids.
eg from above:
SNMPv2-SMI::enterprises.9.6.1.104.1.7.1.1.2.0.34.250.97.149.218 = STRING: "wlan0"
0.34.250.97.149.218 is 00:22:fa:61:95:da
# perl -le '$oid="0.34.2...
So now you've fooled the P into thinking it's forwarding an IPv4 packet, if you want to have it forward over multiple links you'll need to create some entropy in the fields that it considers to be the fundaments of an IP packet. In this scenario obv...
Without knowing your topology...I'm pretty sure this scenario only crops up on P routers. So you'd need at least three routers (PE---P---PE) to see it.When behaving as a PE the ASRs build the hash on the unencapsulated traffic and so the issue doesn...