IOS Nat with multiple outside interfaces & pools

 
 
zavrik
11-07-2007
Hi!
I've tried various examples, including from this newsgroup, but none seem to work properly.
Here's my scenario:
I have a 3845 with IOS 12.4(11)T2. It has 4 interfaces: the 1st looks into the LAN (172.16 net), the 2nd also looks into a LAN, with the 1.1.1 subnet (a local necessity, presents no problems); both LAN interfaces are marked as "nat inside" and packets from them are accepted fine. The 3rd looks into the corporate network with the 10.xxx subnet, and the 4th looks into the Internet.
What I need:
When I'm trying to send something from 172.16.0.0/24 subnet to corporate 10 network, it gets natted out on the 10.1.14.26 interface (AND, if the packets are destined for 192.168 net, they are not natted). When I'm trying to send something from 1.1.1 subnet to the Internet (i.e. all other destinations), it gets natted out on the 89.x.x.x interface.
All routes are done correctly, from router everything works.

Current config:

interface GigabitEthernet0/0
description office_LAN
ip address 172.16.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/2
description Corp_link
ip address 10.1.14.26 255.255.255.248
ip nat outside
ip virtual-reassembly
!
interface GigabitEthernet0/3
description ProxyLAN
ip address 1.1.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1
ip address 89.x.x.x 255.255.255.240
ip nat outside
ip virtual-reassembly



ip nat pool CORP 10.1.14.26 10.1.14.26 prefix-length 29
ip nat pool Tyrnet 89.x.x.x 89.x.x.x prefix-length 28
ip nat inside source route-map CorpMAP pool CORP overload
ip nat inside source route-map NatMAP pool Tyrnet overload


access-list 2000 permit ip host 1.1.1.2 any
access-list 2001 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 2001 permit ip 172.16.0.0 0.0.0.255 any
!
!
!
route-map NatMAP permit 10
match ip address 2000
!
route-map CorpMAP permit 1
match ip address 2001


Problem:
The Internet pool and map work perfectly, pings fly.
The CORP pool and map seem not to work at all; when I try from a 172.16.0 workstation it replies:
Tracing route to 10.0.34.65 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.16.0.1
2 * 172.16.0.1 reports: Destination host unreachable.


What could it be??? Judging by Cisco's own examples with multiple pools, this should work....
 
zavrik
11-15-2007
Emm... no one has an answer?
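
Added example (not part of either post, and not Cisco code): a small offline check of which posted route-map/ACL pair, and therefore which NAT pool, a given flow matches, using IOS wildcard-mask semantics. The ACL entries and pool names are copied from the config above; the test flows are constructed, and each route-map is modelled only as its single "match ip address" clause.

```python
import ipaddress

# Extended ACL entries from the post: (action, src, src_wildcard, dst, dst_wildcard).
# "host X" is X 0.0.0.0 and "any" is 0.0.0.0 255.255.255.255.
ACLS = {
    2000: [("permit", "1.1.1.2", "0.0.0.0", "0.0.0.0", "255.255.255.255")],
    2001: [
        ("deny", "172.16.0.0", "0.0.255.255", "192.168.0.0", "0.0.255.255"),
        ("permit", "172.16.0.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
    ],
}
# "ip nat inside source route-map ... pool ..." lines: (route-map, ACL, pool).
NAT_RULES = [("CorpMAP", 2001, "CORP"), ("NatMAP", 2000, "Tyrnet")]


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; all other bits must be equal."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def acl_action(acl, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, sw, d, dw in ACLS[acl]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def matching_pools(src, dst):
    """Pools whose route-map ACL permits this flow (empty list: not translated)."""
    return [pool for _, acl, pool in NAT_RULES
            if acl_action(acl, src, dst) == "permit"]


if __name__ == "__main__":
    flows = [  # constructed test flows
        ("172.16.0.50", "10.0.34.65"),
        ("172.16.0.50", "192.168.5.1"),
        ("172.16.3.50", "10.0.34.65"),
        ("1.1.1.2", "198.51.100.7"),
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: {matching_pools(src, dst) or 'no NAT match'}")
```

The third flow shows that the permit line's 0.0.0.255 wildcard covers only 172.16.0.0/24, while GigabitEthernet0/0 is addressed as a /16.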
 