Monday, September 07, 2009

NAT virtual interface

Legacy NAT is domain-based: every participating interface has to be marked inside or outside, and the order of routing and translation depends on the direction of the traffic.
Traffic from outside to inside is translated first and then routed, so the route lookup sees the translated (local) destination.
Traffic from inside to outside is routed first and then translated, so the route lookup sees the untranslated destination.

The NAT virtual interface (NVI) removes the inside/outside distinction; an interface only needs ip nat enable. Forwarding then works the same way whichever interface the packet arrives on:
1. The router first checks whether the packet matches a translation, i.e. whether it needs NAT at all.
2. If it does, the packet is routed to the virtual interface and translated there.
3. After translation the packet is routed again, this time using the translated addresses.

Sample:

R3:
!
! Enable the NAT virtual interface on both subinterfaces. The legacy
! inside/outside marking and ip nat enable are mutually exclusive on an
! interface, so the old marking is removed before NVI is enabled.
!
interface Serial 1/0.301 point-to-point
no ip nat inside
ip nat enable
!
interface Serial 1/0.302 multipoint
no ip nat outside
ip nat enable

!
! Remove old rules
!
no ip nat inside source static 155.1.13.1 155.1.23.1
no ip nat outside source static 155.1.23.2 155.1.13.2

!
! Add "domainless" rules. The first replaces the old inside source rule
! (155.1.13.1 translated to 155.1.23.1), the second replaces the old outside
! source rule (155.1.23.2 translated to 155.1.13.2); neither needs a domain.
! Verify with: show ip nat nvi translations
!
ip nat source static 155.1.13.1 155.1.23.1
ip nat source static 155.1.23.2 155.1.13.2
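To make the two orderings concrete, here is a small Python model, added here as an illustration (it is not IOS code and not from the original post), that applies the ordering described above to the two static mappings in the R3 sample. The routing table (155.1.13.0/24 on Serial1/0.301, 155.1.23.0/24 on Serial1/0.302) and the inside/outside assignment used for the legacy case are assumptions for the example. It shows the practical consequence of "route first, then NAT" on the inside-to-outside path: a packet from 155.1.13.1 to the outside-local address 155.1.13.2 is routed by its untranslated destination, which falls into the inside subnet, so the legacy pipeline never translates it unless a more specific route sends it out the outside interface; the domainless pipeline translates first and then routes on 155.1.23.2.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two "domainless" static mappings from the R3 sample, as local -> global.
# A matching source is rewritten local -> global; a matching destination is
# rewritten global -> local.  The same table serves both directions.
STATIC_SRC = {
    "155.1.13.1": "155.1.23.1",  # ip nat source static 155.1.13.1 155.1.23.1
    "155.1.23.2": "155.1.13.2",  # ip nat source static 155.1.23.2 155.1.13.2
}
STATIC_DST = {g: l for l, g in STATIC_SRC.items()}

# Assumed (constructed) routing table and legacy domain assignment for R3.
ROUTES = {"155.1.13.0/24": "Serial1/0.301", "155.1.23.0/24": "Serial1/0.302"}
DOMAIN = {"Serial1/0.301": "inside", "Serial1/0.302": "outside"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def lookup(dst: str, routes: dict) -> Optional[str]:
    """Longest-prefix match against routes; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in routes if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return routes[str(max(matches, key=lambda n: n.prefixlen))]


def translate(pkt: Packet) -> Packet:
    """Apply the static table to whichever address matches (no-op otherwise)."""
    return Packet(STATIC_SRC.get(pkt.src, pkt.src), STATIC_DST.get(pkt.dst, pkt.dst))


def legacy(pkt: Packet, ingress: str, routes: dict = ROUTES) -> dict:
    """Domain-based NAT: the order depends on where the packet came in, and a
    translation is applied only when the packet crosses inside <-> outside."""
    steps = []
    if DOMAIN[ingress] == "outside":
        out = translate(pkt)                  # outside -> inside: NAT first ...
        egress = lookup(out.dst, routes)      # ... then route the translated packet
        steps += [f"nat {pkt} -> {out}", f"route {out.dst} -> {egress}"]
    else:
        egress = lookup(pkt.dst, routes)      # inside -> outside: route first ...
        steps.append(f"route {pkt.dst} -> {egress}")
        if egress is not None and DOMAIN[egress] == "outside":
            out = translate(pkt)              # ... NAT only if leaving the inside domain
            steps.append(f"nat {pkt} -> {out}")
        else:
            out = pkt
            steps.append("no nat: egress is not an outside interface")
    return {"packet": out, "egress": egress, "steps": steps}


def nvi(pkt: Packet, routes: dict = ROUTES) -> dict:
    """NAT virtual interface, following the three steps in the text: check for a
    translation, translate on the virtual interface, then route the result."""
    steps = []
    needs_nat = pkt.src in STATIC_SRC or pkt.dst in STATIC_DST     # 1. does it need NAT?
    out = translate(pkt) if needs_nat else pkt                     # 2. translate on NVI
    steps.append(f"nat {'hit' if needs_nat else 'miss'}: {pkt} -> {out}")
    egress = lookup(out.dst, routes)                               # 3. route again
    steps.append(f"route {out.dst} -> {egress}")
    return {"packet": out, "egress": egress, "steps": steps}


if __name__ == "__main__":
    # 155.1.13.1 sends to the outside-local address 155.1.13.2, arriving on .301
    pkt = Packet("155.1.13.1", "155.1.13.2")
    print("legacy:           ", legacy(pkt, "Serial1/0.301")["steps"])
    fixed = {**ROUTES, "155.1.13.2/32": "Serial1/0.302"}   # host route towards the outside side
    print("legacy+host route:", legacy(pkt, "Serial1/0.301", fixed)["steps"])
    print("nvi:              ", nvi(pkt)["steps"])
```

Running it shows the legacy pipeline sending the packet back out Serial1/0.301 untranslated until a host route for 155.1.13.2 points at the outside subinterface, while the NVI pipeline translates to 155.1.23.1 -> 155.1.23.2 and then picks Serial1/0.302 from the translated destination. In the reverse direction (155.1.23.2 to 155.1.23.1 arriving on Serial1/0.302) both pipelines translate before routing and agree.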

