Help with NAT configuration on a Catalyst 6500 with no FWSM

Discussion in 'Cisco' started by Bryan, Dec 6, 2006.

  1. Bryan

    Bryan Guest

    Hello all,

    So, here's my situation:

    I have a Catalyst 6500 (with no Firewall Services Module) with a
    switchport interface (let's call it the external interface) configured
    with an ip address of 10.1.1.254 and a vlan interface (vlan 101)
    configured with an ip address of 172.16.1.254.

    I have another switchport interface assigned to vlan 101 and a computer
    connected to that switchport with an ip address of 172.16.1.101 and the
    gateway set to 172.16.1.254.

    I have a computer connected to the external interface with an ip
    address of 10.1.1.101 and the gateway set to 10.1.1.254.

    I can ping from 10.1.1.101 to 172.16.1.101 and vice versa with no
    problems.

    Now what I would like to do is set up NATing on the vlan interface such
    that any traffic coming from the 10.1.1.0 network looks like it's
    coming from the vlan interface itself (172.16.1.254) to the computers
    on the 172.16.1.0 network.

    Can anyone help me out with this? I've searched the web for 6500 NAT
    examples but all the results I've seen so far deal with the FWSM. I've
    also tried to figure it out myself by looking at the 'ip nat' commands
    on the 6500 but just don't know where to start...

    Thanks in advance!!!
     
    Bryan, Dec 6, 2006
    #1

  2. Bryan

    Bod43 Guest

    This is no different from any other Cisco NAT.


    int whatever-172.16.1.254 ! e.g int gi 4/7
    ip nat outside

    int whatever-172.16.1.0
    ip nat inside

    ip nat inside source list ACL.nat interface whatever-172.16.1.254 overload

    ip access-list extended ACL.nat
    permit ip any any

    If you fancy you could use a more restrictive ACL but it
    is not necessary since only the relevant traffic is
    considered for NAT anyway.


    BEWARE:-
    If I recall correctly this will be CPU routed which will give your
    6500 the same performance as a 7200 ish.
     
    Bod43, Dec 7, 2006
    #2
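
The NAT overload setup discussed in this thread, written out with the addresses from the question and a source/destination-scoped ACL in place of `permit ip any any`. This is an added example, not configuration posted by either participant. Assumptions: the interface name GigabitEthernet1/1 for the port holding 10.1.1.254, the ACL name NAT-10-TO-172, and /24 masks on both networks.

```cisco
! Added example. GigabitEthernet1/1, NAT-10-TO-172 and the /24 masks are
! assumptions; the IP addresses and VLAN 101 come from the question.
!
! Side whose source addresses get rewritten (the 10.1.1.0 hosts)
interface GigabitEthernet1/1
 description external side, hosts in 10.1.1.0/24 (assumed interface name)
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
!
! Side that should only ever see 172.16.1.254 as the source
interface Vlan101
 description hosts in 172.16.1.0/24
 ip address 172.16.1.254 255.255.255.0
 ip nat outside
!
! Translate only 10.1.1.0/24 sources that are heading to 172.16.1.0/24
ip access-list extended NAT-10-TO-172
 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
!
! PAT every matching source to the address of Vlan101 (172.16.1.254)
ip nat inside source list NAT-10-TO-172 interface Vlan101 overload
!
! Checks from exec mode after a ping from 10.1.1.101 to 172.16.1.101:
!   show ip nat translations          ! inside local 10.1.1.101,
!                                     ! inside global 172.16.1.254
!   show ip nat statistics            ! hit counter increases
!   show ip access-lists NAT-10-TO-172
```

With this in place, hosts on 172.16.1.0 log every 10.1.1.0 client as 172.16.1.254, so the translation table on the 6500 is the only place a connection can be mapped back to its real source.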