This topic is to discuss the following lesson:
Excellent article. I especially like this kind of setup because they are rare and force us to make our brains work harder.
I think there’s some kind of typo in the beginning, in the basic configuration of R2. The following line seems to be missing:
R2(config)#interface fa0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#interface loopback 0 <- This one
R2(config-if)#ip address 18.104.22.168 255.255.255.0
Merci for letting me know, I just fixed it. I also like these kinds of scenarios, it really helps to understand the way Cisco IOS processes packets and makes us think a bit more.
Rene, you are a great person, thank you for all
Thank you as well David
Brilliant article. Network Lessons is another great work done by you !!!
Continue this way you are great !!!
Very Thankful for your Post and all of them are very good for me.
Happy New Year !!! RENE
Interesting and epic work, seems to me like one of the funky CCIE scenarios…
Glad to hear you like it. It’s something I encountered during my CCIE studies.
Thanks Klaus! Glad you like it!
I access a server. That server does not have a GW behind a router. How do I configure this NAT? (Please describe DNAT and Full NAT in a separate article.)
Take a look at this example:
You can use the same example if you want 1:1 NAT without specifying specific port numbers.
Great article! thanks for sharing.
I am wondering if there is a real world scenario where you would need to apply NAT on a Stick, especially the second exercise…
It’s unlikely to see this particular scenario…with the loopbacks, PBR and NAT it’s all a bit too much
On the ASA it is common though. Sometimes you might encounter “hairpinning” (inside-to-inside NAT). The configuration is a bit more straightforward. Take a look at this example:
You are awesome.
Thanks again bhargavi for your words. Your message has been forwarded to Rene.
Very interesting, but I have some questions.
I do not see the signification of “PBR” in the lesson?
In the first scenario, the answer is returned by a “Reply” arrow. But in the second and third scenarios, the answer is returned by a “NAT” arrow. What is the difference between “Reply” and “NAT” answers?
If you notice after the second diagram, it states that any traceroute initiated from R1 to R2 will cause FastEthernet 0/0 to respond rather than going all the way to the loopback interface and back triggering a NAT translation. This is remedied by using PBR.
The difference is that in the first case, no NAT translations take place. After PBR is implemented, NAT translations take place, packets reach the loopback interface and are returned back to R1 having already gone through a NAT translation.
I hope this has been helpful!
Awesome article Rene! Thanks for putting it together. How about if we switch the INSIDE and OUTSIDE NAT interfaces? and configure the NAT translation instead. That way, there won’t be a need to configure a local policy.
[R1]--------------(NAT OUTSIDE) [R2] ---- loopback0 (NAT INSIDE)
ip nat inside source list 100 interface Loopback0 overload
R1#traceroute 192.168.12.2 numeric
Type escape sequence to abort.
Tracing the route to 192.168.12.2
VRF info: (vrf in name/id, vrf out name/id)
  1 22.214.171.124 3 msec * 2 msec
Your scenario does indeed fulfill the requirement of having the loopback respond in the traceroute. Thanks for sharing that!
One of the restrictions that was mentioned in the lesson is that we require traffic to flow from the inside interface to the outside interface such that the sender of the ICMP packets is on the inside of the network.
It’s always interesting to see multiple scenarios and thanks once again for sharing!