13.30 NAT Default Interface

Anybody have a good link on this subject?  Not sure exactly what it does and what command enables that to happen.

Comments

  • Ya I don't really understand the issue and how it's resolved in this task.  What key command sets the default interface for NAT?  I also do not understand why or when we would use this.  Search of Cisco website and Google got me nothing.  If I knew what keyword enabled the default interface I could try looking that up but I don't see it.

    ip nat inside source list ALL interface s0/0 overload

    ip nat inside source static 150.1.8.8 int s0/0

  • Ya I don't really understand the issue and how it's resolved in this task.

    So the first command creates address translations for traffic originating behind R5.  Clearly return traffic for these flows would be allowed too.

    The second command allows any inbound traffic not matching any existing flows to reach through to SW2.  Without this line you would not be able to initiate these flows.

    Not a best practice example - but say 150.1.8.8 was a web server then you would be able to get to this server via 155.1.45.5. Also you can translate traffic originating behind R5 to 155.1.45.5 too using PAT.

    HTH

  • Sorry not following, where does the default interface come in? 

     

     

     

    From: [email protected] [mailto:[email protected]] On Behalf Of welshydragon
    Sent: Tuesday, July 17, 2012 10:35 AM
    To: Bodnar, Edward
    Subject: Re: [iewb-rs-vol1-v5-ipserv] 13.30 NAT Default Interface

     





    Internetwork Expert - The Industry Leader in CCIE Preparation
    http://www.internetworkexpert.com

    Subscription information may be found at:
    http://www.ieoc.com/forums/ForumSubscriptions.aspx

  • And both commands have inside source set. How does this translate inbound traffic at all?

     


  • And both commands have inside source set

    The second one is equivalent to a static translation.  As you know this will allow inbound and outbound traffic.  Does this make sense or do I need to elaborate more?

  • So I am looking for a keyword or a command that tells the IOS that this is allowed.  Good example is the next task 13.31

    ip nat inside source route-map CREATE_EXTENDEDABLE_ENTRIES pool POOL reversible

    Reversible = this function.

    How does the IOS know to allow traffic back in using the default interface?

     

    From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
    Sent: Tuesday, July 17, 2012 11:18 AM
    To: Bodnar, Edward
    Subject: RE: [iewb-rs-vol1-v5-ipserv] 13.30 NAT Default Interface

     


  • Oh, I think I see.  So we are adding 2 NATs: one is static to allow all return traffic back, the other is dynamic.  I think I get it.  Title is confusing on the task.  Thanks for the help.  I think I get it now.

     

    From: [email protected] [mailto:[email protected]] On Behalf Of welshydragon
    Sent: Tuesday, July 17, 2012 12:24 PM
    To: Bodnar, Edward
    Subject: Re: [iewb-rs-vol1-v5-ipserv] RE: 13.30 NAT Default Interface

     


  • Ip nat inside source route-map CREATE_EXTENDEDABLE_ENTRIES pool POOL reversible

    This is a slightly different feature - in this case an inside host creates a translation.  Outside hosts can then use that translation to get back to the inside host.

    So simplistically - you are opening an IP address wide pinhole - which allows any outside host to set up a session back to you.

  • This is an OLD post but....to clear it up: 

     

    The traffic originating on R5 will be translated by "ip nat inside source list"

    "ip nat source static" works both ways. 

  • And both commands have inside source set

    The second one is equivalent to a static translation.  As you know this will allow inbound and outbound traffic.  Does this make sense or do I need to elaborate more?

     

    Thanks Welshy. Because of this post I actually slowed down and properly "LOOKED" at the SG instead of my eyes scanning the SG config for the "default interface" keyword (or something similar)

    Tox!
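
The behaviour described in the replies above (dynamic overload entries admit only return traffic, while the static interface mapping forwards anything else to 150.1.8.8), as a simplified Python model added here for illustration; it is not IOS code and not part of the original thread. The class, the port allocator and the 203.0.113.x and 150.1.10.10 addresses are constructed; 155.1.45.5 and 150.1.8.8 are the addresses quoted in the thread.

```python
GLOBAL_IP = "155.1.45.5"     # s0/0 address quoted in the thread
DEFAULT_HOST = "150.1.8.8"   # SW2, target of the static interface mapping


class NatRouter:
    """Toy translation table; a model of the thread's description, not of IOS internals."""

    def __init__(self, default_host=None):
        self.default_host = default_host  # static interface mapping, if configured
        self.flows = {}                   # (proto, global_port, remote) -> inside socket
        self.next_port = 1024             # constructed allocator; real devices pick ports differently

    def outbound(self, proto, src, dst):
        """Inside -> outside. src and dst are (ip, port); returns the translated source."""
        if src[0] == self.default_host:
            return (GLOBAL_IP, src[1])    # static rule: address rewritten, port kept
        for (p, gport, remote), inside in self.flows.items():
            if (p, remote, inside) == (proto, dst, src):
                return (GLOBAL_IP, gport)  # this flow already has an entry
        gport, self.next_port = self.next_port, self.next_port + 1
        self.flows[(proto, gport, dst)] = src
        return (GLOBAL_IP, gport)

    def inbound(self, proto, src, dst_port):
        """Outside -> interface address. Returns the inside (ip, port) or None."""
        inside = self.flows.get((proto, dst_port, src))
        if inside:
            return inside                 # return traffic of a flow an inside host opened
        if self.default_host:
            return (self.default_host, dst_port)  # unsolicited: static rule forwards it
        return None                       # no entry: not translated to any inside host


def demo(default_host):
    """Run one outbound flow, its reply, and one unsolicited inbound packet."""
    r = NatRouter(default_host)
    web = ("203.0.113.7", 80)                            # constructed outside server
    g = r.outbound("tcp", ("150.1.10.10", 40000), web)   # constructed inside client
    reply = r.inbound("tcp", web, g[1])
    unsolicited = r.inbound("tcp", ("203.0.113.9", 51000), 80)
    return g, reply, unsolicited


if __name__ == "__main__":
    print("with static rule:   ", demo(DEFAULT_HOST))
    print("without static rule:", demo(None))
```

With the static rule present, every port on the interface address that is not claimed by an existing flow is exposed on 150.1.8.8, which is why the reply above calls it not a best practice example.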

     

     
