NAT Overload both directions

  • Permalink
  • submit to reddit
  • Email
  • Follow


I am trying to do NAT overload both directions between two locations in 
my company.

One location being inside and one being outside.

I can do the overload on the ethernet interface going from inside to 
outside.

I seem to have to use a pool to go from outside to inside.
When I set this up I wanted to hide everything behind a single IP 
address pool, but seems it only lets one client on the outside to use a 
single IP in the pool at a time and not do PAT.

I thought I had this working in another location I used to work at but 
been a while and can not remember.

Is this possible ? another way to do it ?
Can I have two interfaces be inside and overload between them ?

Any sugestions would be greatful.

Thanks.
MC
0
Reply MC 11/10/2005 1:02:14 AM

See related articles to this posting

Yes, it is possible. Take a look at this cisco article: 
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml


"MC" <mwclarke1@yahoo.com> wrote in message 
news:VVwcf.9892$kd.8750@bignews4.bellsouth.net...
>I am trying to do NAT overload both directions between two locations in my 
>company.
>
> One location being inside and one being outside.
>
> I can do the overload on the ethernet interface going from inside to 
> outside.
>
> I seem to have to use a pool to go from outside to inside.
> When I set this up I wanted to hide everything behind a single IP address 
> pool, but seems it only lets one client on the outside to use a single IP 
> in the pool at a time and not do PAT.
>
> I thought I had this working in another location I used to work at but 
> been a while and can not remember.
>
> Is this possible ? another way to do it ?
> Can I have two interfaces be inside and overload between them ?
>
> Any sugestions would be greatful.
>
> Thanks.
> MC 


0
Reply jdsal 11/10/2005 7:49:07 AM

comp.dcom.sys.cisco 25143 articles. 24 followers. Post

1 Replies
252 Views

Similar Articles

[PageSpeed] 32


  • Permalink
  • submit to reddit
  • Email
  • Follow


Reply:

Similar Artilces:

IPSec tunnels + NAT overload + NAT static
I have a setup with 1*1711 and 3*831. There is an IPSec tunnel between each of the 831 (remote sites) and the 1711 (main site). NAT overload is used for all the routers. Remote sites access a Terminal Server on the main site on the standard port 3389. This works well. I want to have access also from the Internet to the Terminal Server on the main site, but I want to use a different port number, let's say port 7888 (and I don't want to use this port number for the PC that are in the main or remote sites). Is this possible? With my current configuration, as soon as I insert : ip nat ...

Simultaneous NAT overload (internet) and NAT overlapping for IPsec
Hi all, Have been bashing my head against this for the last couple of days and was wondering if anyone might be able to take a look at the config and point where I might be approaching this wrong... My current lab is configured as: Two sites (SITE1/SITE2) connected via a third third router (ISP) - There is a pure IPsec tunnel between SITE1 and SITE2. Both SITE1 and SITE2 have overlapping IP addresses (SITE1 uses 10.1.1.0/24 and SITE2 uses 10.0.0.0/16 and 192.168.80.0/24 - however, we're only presented with access to 10.81.0.0/18 via the IPsec VPN) Okay... Overlapping NAT&...

NAT Overloading
I have a question regarding PAT or NAT Overloading. I understand how NAT overloading works with TCP and UDP which have the notion of port numbers, but how does it work and does it work at all with other protocols, like ICMP or IPIP or GRE ? For example, can I have several PPTP tunnels from the inside network to a VPN server in the Internet? Thanks for any input. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/149@fidonet http://vas.tomsk.ru/ ...

Help! Static NAT failed to work -- NAT overload issue?
Hi, I set up Cisco 1811 with multiple static NAT like this ip nat inside source static 10.10.10.13 xx.xx.xx.13 ip nat inside source static 10.10.10.11 xx.xx.xx.11 ...... Once a while when after lot of downloading/uploading, I failed to access all mapped machines except the router. And I have to reload the router to recover the access. When I look at the router's NAT table when it fails, there are hundred's entries like this (same external IP downloading from the server inside the router) 10.10.10.11 : 80 xx.xx.xx.xx : 2049 10.10.10.11 : 80 xx.xx.xx.xx : 2050 10.10.10.11 : 80 ...

NAT overload with some static NAT's and a block public IP's
Please review the config below : interface GigabitEthernet0/0 ip address 192.168.1.254 255.255.255.0 ip nat inside no cdp enable ! interface ATM0/0/0 dsl equipment-type CPE dsl operating-mode GSHDSL symmetric annex B dsl linerate AUTO pvc 0/35 encapsulation aal5mux ppp dialer dialer pool-member 10 ! ! interface Dialer10 ip address 80.80.80.9 255.255.255.248 ip nat outside encapsulation ppp dialer pool 10 dialer persistent ppp authentication pap callin ppp pap sent-username user password pass ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer10 permanent ! ip nat translation tim...

Cisco 1801 - ADSL/PPPoE - IPSec - Static NAT ---- 56K Dial Backup
I am looking for a little guidance on coming up with a configuration for a very complicated situation. What I'm looking to do is to run a PPPoE ADSL connection on a Cisco 1801. This 1801 will then need to do an IPSec tunnel back to a Juniper ERX. Also, I will need to do several Static NATs with one of the subnets that will be tunneled. For example, the ethernet subnet of the Cisco will be 192.168.100.254/24. I will then route 10.20.95.0/24 via the IPSec tunnel and will need to create specific Static NAT's throughout the subnet, such as 10.20.95.1 will equal 192.168.100.100. The r...

several nat overload
Hello! I want to have two nat overload Gi 0/0 is internal interface with nat inside Gi 0/0.5 is external with nat outside There is rule: ip nat inside source list 2 interface GigabitEthernet0/0.5 overload If I try ip nat inside source list 2 interface GigabitEthernet0/0.8 overload I get %Dynamic mapping in use, cannot change If I add ip nat inside source list 3 interface GigabitEthernet0/0.8 overload and add ip nat outside on Gi 0/0.8 then there is no translations in sh ip nat translations Is it possible to solve this problem? "Dmitry Melekhov" <dm@belkam.com> wrot...

Direct connections through NAT/firewall
I'm involved with some research at the University of Manitoba (in Winnipeg, Canada) this summer. My colleagues and I are in the process of developing a method for reliably establishing direct connections over the Internet between two hosts that are both behind NAT gateways. The software we've come up with runs in userspace linux, so there is no kernel or network stack tweaking required. It can easily be extended to multiple operating systems. No ports have to be explicitly opened at the firewall. And the method is able to "break through" several kinds of NAT/firewalls...

NAT Overload and load sharing
I have a Cisco 2650 with IOS 12.3 (c2600-i-mz.123-16.bin), a fast ethernet, and 2 Int T1 CSU/DSU cards. Verizon has just enabled the second T-1 line for constant operation--it was previosly just a backup line. Each T-1 is using frame relay on a serial sub-interface and has ip addresses assigned-- using a /30 subnet. The FA0/0 is defined as ip nat inside and the Serial Sub Interfaces are designated as ip nat outside. I was using" ip nat inside source list 10 interface s0/0.1 overload" to allow internal users access to the Internet. I can now use the ip nat pool test netmask ...