Mailing List Archive

FW: NAT / routing /IP fwd issue
You have to define an extended ACL

ip nat inside source list 100 pool Nat-Pool overload
ip nat pool Nat-Pool a.b.c.x a.b.c.x netmask 255.255.255.224

access-list 100 deny 192.168.0.0/24 10.0.0.0/24
access-list 100 deny 10.0.0.0/24 192.168.0.0/24
access-list 100 permit 192.168.0.0/24 any
access-list 100 deny 10.0.0.0/24 any

BTW: it is better to use a NAT pool instead of a static NAT address because
static NAT is bidirectional.



-----Original message-----
From: foundry-nsp-bounces@puck.nether.net
[mailto:foundry-nsp-bounces@puck.nether.net] On behalf of elliot moore
Sent: Monday, 6 December 2004 18:37
To: foundry-nsp@puck.nether.net
Subject: [f-nsp] NAT / routing /IP fwd issue

Hello!
I have an 8-port ServerIron XL (forwarding traffic to/from multiple subnets
in separate broadcast domains).

(For this email, I substitute my real ip range with aa.bb.cc.0/27)

Setup
====
vlan1 - public IPs aa.bb.cc.0/27 - ve1
vlan2 - private IPs 10.0.0.0/24 - ve2
vlan3 - private IPs 192.168.0.0/24 - ve3
The server-iron is the default gateway for hosts on both private networks.

It load-balances traffic from 10.0.0.0/24 to 192.168.0.0/24, and
aa.bb.cc.0/27 -> 10.0.0.0/24, and aa.bb.cc.0/27 -> 192.168.0.0/24.


Problem
=======
I NAT a host, 192.168.0.15, to a public IP so it can have Internet access.

My problem is that the server-iron also NATs 192.168.0.15 when it connects
with the 10.0.0.0 network, resulting in a source address of aa.bb.cc.10. The
same happens if I give a public host NAT mapping to a host in the 10.0.0.0
network: if it then connects with a host in the 192.168.0.0 network, it is
also NATted with a public address.

Is there a way I can configure the server-iron to only NAT for access to
0.0.0.0 (Internet access) and not 10.0.0.0/192.168.0.0?


Thanks in advance!
ells..




helpful config extracts ?
=================

SW: Version 07.3.03T12

#sh ip route
     Destination   NetMask          Gateway      Port  Cost  Type
1    10.0.0.0      255.255.255.0    0.0.0.0      Ve 2  1     D
2    aa.bb.cc.0    255.255.255.224  0.0.0.0      Ve 1  1     D
3    192.168.0.0   255.255.255.0    0.0.0.0      Ve 3  1     D
4    0.0.0.0       0.0.0.0          aa.bb.cc.1   Ve 1  1     S

ip forward
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip nat inside source static 192.168.0.15 aa.bb.cc.10

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
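
An added illustration, not part of either poster's message or of the device's software: this Python sketch evaluates the ACL 100 suggested in the reply to show which flows it would select for NAT, and why the two inter-VLAN deny entries must come before the permit. First-match evaluation with an implicit deny, address-only matching, and the sample destination 198.51.100.7 are assumptions.

```python
import ipaddress

# ACL 100 as posted in the reply: (action, source, destination).
# "any" is modelled as 0.0.0.0/0. Assumed semantics: first match wins,
# implicit deny at the end, matching on addresses only.
ACL_100 = [
    ("deny",   "192.168.0.0/24", "10.0.0.0/24"),
    ("deny",   "10.0.0.0/24",    "192.168.0.0/24"),
    ("permit", "192.168.0.0/24", "any"),
    ("deny",   "10.0.0.0/24",    "any"),
]

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def nat_applies(src, dst, acl=ACL_100):
    """Return True if the flow src -> dst is selected for translation."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_spec, dst_spec in acl:
        if s in _net(src_spec) and d in _net(dst_spec):
            return action == "permit"
    return False  # implicit deny: no match means no translation

def shadowed_rules(acl=ACL_100):
    """Return indexes of rules that can never match because an earlier
    rule already covers their whole source and destination range."""
    hits = []
    for i, (_, s_i, d_i) in enumerate(acl):
        for _, s_j, d_j in acl[:i]:
            if _net(s_i).subnet_of(_net(s_j)) and _net(d_i).subnet_of(_net(d_j)):
                hits.append(i)
                break
    return hits

# Constructed sample flows; 198.51.100.7 is a documentation-range address.
FLOWS = [
    ("192.168.0.15", "10.0.0.20"),
    ("192.168.0.15", "198.51.100.7"),
    ("10.0.0.20", "192.168.0.15"),
    ("10.0.0.20", "198.51.100.7"),
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>14} -> {dst:<14} NAT: {nat_applies(src, dst)}")
    # Same rules with the permit moved first: the inter-VLAN deny is shadowed.
    reordered = [ACL_100[2], ACL_100[0], ACL_100[1], ACL_100[3]]
    print("shadowed rule indexes after reordering:", shadowed_rules(reordered))
```

With the posted ordering only 192.168.0.0/24 traffic to non-private destinations is translated; hosts in 10.0.0.0/24 are never translated by this list.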