NAT Multicast question

Discussion in 'Cisco' started by tsvanduyn@yahoo.com, Feb 23, 2006.

  1. Guest

    I want to know if it is possible to NOT translate the multicasting
    from address 172.24.2.34 but at the same time translate the unicast
    portion.

    I have some hosts that require the multicast stream to show the source
    address of 172.24.2.34 but, at the same time I need to be able to use
    NAT to get to the Internet for the rest of the address.

    Any help would be appreciated. I've been checking over Cisco's site
    and haven't found out whether or not this is even possible or if there
    is a specific name for what I am trying to do.

    Thanks,
    Travis
    , Feb 23, 2006
    #1

  2. In article <>,
    <> wrote:
    >I want to know if it is possible to NOT translate the multicasting
    >from address 172.24.2.34 but at the same time translate the unicast
    >portion.


    >I have some hosts that require the multicast stream to show the source
    >address of 172.24.2.34 but, at the same time I need to be able to use
    >NAT to get to the Internet for the rest of the address.


    You did not mention the platform or software revision.

    Generally speaking, this sounds like a job for a policy nat.

    You would use two nat translations, the first of which
    translated 172.24.2.34 to itself if an ACL was matched, with
    the ACL being something along the lines of

    access-list 100 permit ip host 172.24.2.34 224.0.0.0 15.255.255.255
    access-list 100 permit ip host 172.24.2.34 240.0.0.0 0.255.255.255

    (or, better yet, restrict the ACL to matching only the multicast range
    that you will actually use.)

    The second ACL, for the second policy nat, could be

    access-list 101 permit ip host 172.24.2.34 any

    because all the traffic that was not to be natted would already have
    been diverted by the first nat.
    Walter Roberson, Feb 23, 2006
    #2

  3. Guest

    Actually you should not need to use NAT to translate 172.24.2.34 to
    itself because any packets that don't meet the NAT criteria (as
    specified by the ACL or route map or the static translation) will be
    routed without any translation. So, all you need is an ACL that has
    one entry to deny any flows from 172.24.2.34 to the multicast groups
    you have and another one to allow 172.24.2.34 to any destination
    addresses (in that order). Then use that ACL directly in the "ip nat
    inside source list" command or use it via a route-map. That will cause
    only flows from 172.24.2.34 not destined to any multicast addresses to
    be NATed.

    Note that if you are using static translation right now using "ip nat
    inside source static", you don't necessarily have to switch to using
    dynamic translation using ACLs or route maps. In more recent images
    there is now the ability to use route maps in conjunction with static
    NAT to achieve what you want. Here is the link for that feature in
    case you are using static NAT and need to use this

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnatrt.htm

    Cisco da Gama
    http://ciscostudy.blogspot.com
    , Feb 23, 2006
    #3
  4. Guest

    Thanks for your reply. I was able to try what you said and found out
    what I was doing wrong. I used tcp and udp in the statement
    access-list 100 permit UDP .... instead of access-list 100 permit IP.
    I should have been using IP the whole time. Thank you again for your
    assistance.
    , Feb 23, 2006
    #4
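The ACL ordering described in reply #3 and the protocol-keyword point from reply #4, modelled as an added example that is not code from any post in this thread. It is a simplified Python model of extended-ACL first-match evaluation with wildcard masks, not IOS itself; the destination addresses and flow list are constructed, and "selected" means the flow would be handed to NAT by "ip nat inside source list".

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_selects(acl, proto, src, dst):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, ace_proto, s, s_wc, d, d_wc in acl:
        if ace_proto not in ("ip", proto):   # "ip" matches every IP protocol
            continue
        if wild_match(src, s, s_wc) and wild_match(dst, d, d_wc):
            return action == "permit"
    return False

HOST = ("172.24.2.34", "0.0.0.0")
MCAST = ("224.0.0.0", "15.255.255.255")     # 224.0.0.0/4
ANY = ("0.0.0.0", "255.255.255.255")

# Deny the multicast flows first, then permit everything else from the host.
NAT_ACL = [("deny", "ip", *HOST, *MCAST), ("permit", "ip", *HOST, *ANY)]
# Same two entries in the wrong order: the permit shadows the deny.
REVERSED = list(reversed(NAT_ACL))
# Protocol-specific entries: anything that is not UDP matches nothing.
UDP_ONLY = [("deny", "udp", *HOST, *MCAST), ("permit", "udp", *HOST, *ANY)]

# Constructed sample flows: (protocol, source, destination)
FLOWS = [
    ("udp", "172.24.2.34", "239.1.1.1"),      # multicast stream
    ("tcp", "172.24.2.34", "198.51.100.10"),  # unicast to the Internet
    ("udp", "172.24.2.34", "198.51.100.53"),  # unicast UDP
]

def nat_decisions(acl):
    """True = flow is selected for translation, False = left untranslated."""
    return [acl_selects(acl, *flow) for flow in FLOWS]

if __name__ == "__main__":
    for name, acl in (("deny-then-permit", NAT_ACL),
                      ("reversed", REVERSED),
                      ("udp-only", UDP_ONLY)):
        print(f"{name:17} {nat_decisions(acl)}")
```

With the entries reversed the multicast stream is translated as well, and with UDP-only entries the TCP unicast flow is never selected for NAT.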
  5. In article <>,
    "" <> wrote:

    > Thanks for your reply. I was able to try what you said and found out
    > what I was doing wrong. I used tcp and udp in the statement
    > access-list 100 permit UDP .... instead of access-list 100 permit IP.
    > I should have been using IP the whole time. Thank you again for your
    > assistance.


    There were at least two responses, which one are you referring to when
    you say "what you said"? Please include context in replies so that
    readers know what you're talking about. Since you use Google Groups,
    see:

    http://cfaj.freeshell.org/google/

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
    Barry Margolin, Feb 24, 2006
    #5
  6. In article <>,
    <> wrote:
    >Actually you should not need to use NAT to translate 172.24.2.34 to
    >itself because any packets that don't meet the NAT criteria (as
    >specified by the ACL or route map or the static translation) will be
    >routed without any translation.


    That depends on what the original poster's platform is, which was
    unspecified. If it is PIX 6.3, then Cisco indicates that you must
    not mix a static NAT and a policy NAT for the same IP. In PIX 6.x,
    packets that do not meet any static or NAT will be dropped, not routed.
    Walter Roberson, Feb 24, 2006
    #6
  7. Guest

    Walter Roberson wrote:

    > That depends on what the original poster's platform is, which was
    > unspecified. If it is PIX 6.3, then Cisco indicates that you must
    > not mix a static NAT and a policy NAT for the same IP. In PIX 6.x,
    > packets that do not meet any static or NAT will be dropped, not routed.


    Thanks for the clarification. I was assuming this was a Cisco router
    running IOS. I am not familiar with the PIX and so that possibility
    did not occur to me at all!

    Cisco da Gama
    http://ciscostudy.blogspot.com
    , Feb 24, 2006
    #7