Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > NAT Multicast question

Reply
Thread Tools

NAT Multicast question

 
 
tsvanduyn@yahoo.com
Guest
Posts: n/a
 
      02-23-2006
I want to know if it is possible to NOT translate a the multicasting
from address 172.24.2.34 but at the same time translate the unicast
portion.

I have some hosts that require the multicast stream to show the source
address of 172.24.2.34 but, at the same time I need to be able to use
NAT to get to the Internet for the rest of the address.

Any help would be appreciated. I've been checking over Cisco's site
and haven't found out whether or not this is even possible or if there
is a specific name for what I am trying to do.

Thanks,
Travis

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      02-23-2006
In article <(E-Mail Removed) .com>,
http://www.velocityreviews.com/forums/(E-Mail Removed) <(E-Mail Removed)> wrote:
>I want to know if it is possible to NOT translate a the multicasting
>from address 172.24.2.34 but at the same time translate the unicast
>portion.


>I have some hosts that require the multicast stream to show the source
>address of 172.24.2.34 but, at the same time I need to be able to use
>NAT to get to the Internet for the rest of the address.


You did not mention the platform or software revision.

Generally speaking, this sounds like a job for a policy nat.

You would use two nat translations, the first of which
translated 172.24.2.34 to itself if an ACL was matched, with
the ACL being something along the lines of

access-list 100 permit host 172.24.2.34 224.0.0.0 15.255.255.255
access-list 100 permit host 172.24.2.34 240.0.0.0 0.255.255.255

(or, better yet, restrict the ACL to matching only the multicast range
that you will actually use.)

The second ACL, for the second policy nat, could be

access-list 100 permit host 172.24.2.34 any

because all the traffic that was not to be natted would already have
been diverted by the first nat.
 
Reply With Quote
 
 
 
 
ciscodagama@gmail.com
Guest
Posts: n/a
 
      02-23-2006
Actually you should not need to use NAT to translate 172.24.2.34 to
itself because any packets that don't meet the NAT criteria (as
specified by the ACL or route map or the static translation) will be
routed without any translation. So, all you need is an ACL that has
one entry to deny any flows from 172.24.2.34 to the multicast groups
you have and another one to allow 172.24.2.34 to any destination
addresses (in that order). Then use that ACL directly in the "ip nat
inside source list" command or use it via a route-map. That will cause
only flows from 172.24.2.34 not destined to any multicast addresses to
be NATed.

Note that if you are using static translation right now using "ip nat
inside source static", you don't necessarily have to switch to using
dynamic translation using ACLs or route maps. In more recent images
there is now the ability to use route maps in conjunction with static
NAT to achieve what you want. Here is the link for that feature in
case you are using static NAT and need to use this

http://www.cisco.com/univercd/cc/td/...t4/ftnatrt.htm

Cisco da Gama
http://ciscostudy.blogspot.com

 
Reply With Quote
 
tsvanduyn@yahoo.com
Guest
Posts: n/a
 
      02-23-2006
Thanks for your reply. I was able to try what you said and found out
what I was doing wrong. I used tcp and udp in the statement
access-list 100 permit UDP .... instead of access-list 100 permit IP.
I should have been using IP the whole time. Thank you again for your
assistance.

 
Reply With Quote
 
Barry Margolin
Guest
Posts: n/a
 
      02-24-2006
In article <(E-Mail Removed). com>,
"(E-Mail Removed)" <(E-Mail Removed)> wrote:

> Thanks for your reply. I was able to try what you said and found out
> what I was doing wrong. I used tcp and udp in the statement
> access-list 100 permit UDP .... instead of access-list 100 permit IP.
> I should have been using IP the whole time. Thank you again for your
> assistance.


There were at least two responses, which one are you referring to when
you say "what you said"? Please include context in replies so that
readers know what you're talking about. Since you use Google Groups,
see:

http://cfaj.freeshell.org/google/

--
Barry Margolin, (E-Mail Removed)
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      02-24-2006
In article <(E-Mail Removed) om>,
(E-Mail Removed) <(E-Mail Removed)> wrote:
>Actually you should not need to use NAT to translate 172.24.2.34 to
>itself because any packets that don't meet the NAT criteria (as
>specified by the ACL or route map or the static translation) will be
>routed without any translation.


That depends on what the original poster's platform is, which was
unspecified. If it is PIX 6.3, then Cisco indicates that you must
not mix a static NAT and a policy NAT for the same IP. In PIX 6.x,
packets that do not meet any static or NAT will be dropped, not routed.
 
Reply With Quote
 
ciscodagama@gmail.com
Guest
Posts: n/a
 
      02-24-2006

Walter Roberson wrote:

> That depends on what the original poster's platform is, which was
> unspecified. If it is PIX 6.3, then Cisco indicates that you must
> not mix a static NAT and a policy NAT for the same IP. In PIX 6.x,
> packets that do not meet any static or NAT will be dropped, not routed.


Thanks for the clarification. I was assuming this was a Cisco router
running IOS. I am not familiar with the PIX and so that possibility
did not occur to me at all!

Cisco da Gama
http://ciscostudy.blogspot.com

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NAT Configuration question: verifying availability before NAT Sri Cisco 0 07-19-2005 02:13 PM
Identity Nat v Exemption NAT Kenny D Cisco 1 05-08-2004 03:11 PM
NAT exemption versus Static NAT. Where is the difference? Anonymous Poster Cisco 0 04-26-2004 04:29 AM
Attn: NAT Experts - 2611XM and NAT pool JCVD Cisco 1 02-13-2004 12:30 PM
NAT or Not to NAT; how to do an Internet connection for a 100-PC company ? Al Dykes Cisco 8 10-29-2003 12:34 AM



Advertisments