NAT Overload both directions

I am trying to do NAT overload both directions between two locations in 
my company.

One location being inside and one being outside.

I can do the overload on the ethernet interface going from inside to 
outside.

I seem to have to use a pool to go from outside to inside.
When I set this up I wanted to hide everything behind a single IP 
address pool, but seems it only lets one client on the outside to use a 
single IP in the pool at a time and not do PAT.

I thought I had this working in another location I used to work at but 
been a while and can not remember.

Is this possible? Another way to do it?
Can I have two interfaces be inside and overload between them?

Any suggestions would be grateful.

Thanks.
MC
MC
11/10/2005 1:02:14 AM
comp.dcom.sys.cisco

Yes, it is possible. Take a look at this Cisco article: 
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml


"MC" <mwclarke1@yahoo.com> wrote in message 
news:VVwcf.9892$kd.8750@bignews4.bellsouth.net...
>I am trying to do NAT overload both directions between two locations in my 
>company.
>
> One location being inside and one being outside.
>
> I can do the overload on the ethernet interface going from inside to 
> outside.
>
> I seem to have to use a pool to go from outside to inside.
> When I set this up I wanted to hide everything behind a single IP address 
> pool, but seems it only lets one client on the outside to use a single IP 
> in the pool at a time and not do PAT.
>
> I thought I had this working in another location I used to work at but 
> been a while and can not remember.
>
> Is this possible? Another way to do it?
> Can I have two interfaces be inside and overload between them?
>
> Any suggestions would be grateful.
>
> Thanks.
> MC 


jdsal
11/10/2005 7:49:07 AM