تبلیغات
وبلاگ تخصصی امنیت، شبکه، کامپیوتر و فناوری اطلاعات شرکت ایمن رایان پارسی فردا - Sample Configuration Using the ip nat outside source list Command- CISCO
یکشنبه 1389/07/4  10:14 ق.ظ    ویرایش: - -

Introduction

This document provides a sample configuration with the ip nat outside source list command, and includes a brief description of what happens to the IP packet during the NAT process. You can use this command to translate the source address of the IP packets that travel from outside of the network to inside the network. This action translates the destination address of the IP packets that travel in the opposite direction—from inside to outside of the network. This command is useful in situations such as overlapping networks, where the inside network addresses overlap addresses that are outside the network. Let us consider the network diagram as an example.

Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Configure
      Network Diagram
      Configurations
Verify
Troubleshoot
Summary
Cisco Support Community - Featured Conversations
Related Information

Introduction

This document provides a sample configuration with the ip nat outside source list command, and includes a brief description of what happens to the IP packet during the NAT process. You can use this command to translate the source address of the IP packets that travel from outside of the network to inside the network. This action translates the destination address of the IP packets that travel in the opposite direction—from inside to outside of the network. This command is useful in situations such as overlapping networks, where the inside network addresses overlap addresses that are outside the network. Let us consider the network diagram as an example.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions. However, the information in this document is based on these software and hardware versions:

  • Cisco 2500 series routers

  • Cisco IOS® Software Release 12.2(24a) running on all the routers

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool ( registered customers only) .

Network Diagram

This document uses this network setup:

1a.gif

When ping is sourced from the Router 2514W Loopback0 interface (172.16.88.1) to the Router 2501E Loopback0 interface (171.68.1.1), this occurs:

The Router 2514W forwards the packets to Router 2514X because it is configured with a default route. On the outside interface of Router 2514X, the packet has a source address (SA) of 172.16.88.1 and a Destination Address (DA) of 171.68.1.1. Because the SA is permitted in access-list 1, which is used by the ip nat outside source list command, it is translated to an address from the NAT pool Net171. Notice that the ip nat outside source list command references the NAT pool "Net171". In this case, the address is translated to 171.68.16.10 which is the first available address in the NAT pool. After translation, Router 2514X looks for the destination in the routing table, and routes the packet. Router 2501E sees the packet on its incoming interface with a SA of 171.68.16.10 and a DA of 171.68.1.1. It responds by sending an Internet Control Message Protocol (ICMP) echo reply to 171.68.16.10. If it doesn't have a route, it drops the packet. In this case, it has a (default) route, so it sends a packet to Router 2514X, using an SA of 171.68.1.1 and a DA of 171.68.16.10. Router 2514X sees the packet on its inside interface and checks for a route to the 171.68.16.10 address. If it does not have one, it responds with an ICMP unreachable reply. In this case, it has a route to 171.68.16.10, due to the add-route option of the ip nat outside source command which adds a host route based on the translation between the outside global and outside local address, so it translates the packet back to the 172.16.88.1 address, and routes the packet out its outside interface.



   


نظرات()   

وبلاگ تخصصی امنیت، شبکه، کامپیوتر و فناوری اطلاعات شرکت ایمن رایان پارسی فردا

ایمن رایان پارسی فردا، تکنولوژی و فراتر از آن