NAT Overload both directions

I am trying to do NAT overload both directions between two locations in 
my company.

One location being inside and one being outside.

I can do the overload on the ethernet interface going from inside to 
outside.

I seem to have to use a pool to go from outside to inside.
When I set this up I wanted to hide everything behind a single IP 
address pool, but seems it only lets one client on the outside to use a 
single IP in the pool at a time and not do PAT.

I thought I had this working in another location I used to work at but 
been a while and can not remember.

Is this possible? Another way to do it?
Can I have two interfaces be inside and overload between them?

Any suggestions would be grateful.

Thanks.
MC
Reply MC 11/10/2005 1:02:14 AM

Yes, it is possible. Take a look at this Cisco article: 
http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml


"MC" <mwclarke1@yahoo.com> wrote in message 
news:VVwcf.9892$kd.8750@bignews4.bellsouth.net...
>I am trying to do NAT overload both directions between two locations in my 
>company.
>
> One location being inside and one being outside.
>
> I can do the overload on the ethernet interface going from inside to 
> outside.
>
> I seem to have to use a pool to go from outside to inside.
> When I set this up I wanted to hide everything behind a single IP address 
> pool, but seems it only lets one client on the outside to use a single IP 
> in the pool at a time and not do PAT.
>
> I thought I had this working in another location I used to work at but 
> been a while and can not remember.
>
> Is this possible? Another way to do it?
> Can I have two interfaces be inside and overload between them?
>
> Any suggestions would be grateful.
>
> Thanks.
> MC 


Reply jdsal 11/10/2005 7:49:07 AM
comp.dcom.sys.cisco 25195 articles. 25 followers. Post
