That is correct Pieter-Jan
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Pieter-Jan Nefkens Sent: Wednesday, April 07, 2010 1:35 PM To: Brandon Carroll Cc: Kingsley Charles; [email protected] Subject: Re: [OSL | CCIE_Security] NAT with overload HI Brandon, Kings, If I remember correctly, if you do not specify overload, the first ip that is matched from the access-list is natted to the external address, leaving the other potential devices being unable to access the network. When the nat-timeout occurs, the global ip address becomes available again. It is comparible with the global pool for nat, but then with just one ip-address. E.g. nat is being applied. When using the overload keyword, pat is being used. You can compare it with the global command on the pix / asa. If you specify global (outside) 1 ip1-ip2 than the first two devices accessing the network are being translated, the third one basically has bad luck until one of the first nat entries time out. Thats why I (almost) always configure a global (outside) 1 ip3 as well, so that PAT is occuring as well. Just a tip, if you don't know it yet. If you do a command like "ip nat inside source 123 int dialer1 overload" remember to also put a "ip nat inside source static tcp <internalipofrouter> 22 int dialer1 22 extendable" in it as well. Otherwise you won't be able to remotely login to your DSL router/modem, as the dynamic nat would take presedence. I think it could even a troubleshouting item in the lab as well.. HTH PIeter-Jan On 7 apr 2010, at 18:37, Brandon Carroll wrote: Kings, I believe the IOS automatically overloads now if you don't specify. Older IOS you had to use the overload command. Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> On Apr 7, 2010, at 9:11 AM, Kingsley Charles wrote: Hi Brandon IOS accepts the following command without "overload" keyword. Isn't the following PAT? ip nat source list 123 interface g0/0 With regards Kings On Wed, Apr 7, 2010 at 9:38 PM, Brandon Carroll <[email protected]> wrote: Overload takes you from using NAT to using PAT. Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> On Apr 7, 2010, at 9:06 AM, Kingsley Charles wrote: > Hi all > > When we configure as following, all addresses matching 123 will be translated to g0/0 and that is PAT. Port numbers are used to distinguish each hosts. > > ip nat source list 123 interface g0/0 > > > What does overload do? > > > router1(config)#ip nat source list 123 interface g0/0 ? > overload Overload an address translation > vrf Specify vrf > <cr> > > router1(config)#ip nat source list 123 pool addr ? > overload Overload an address translation > vrf Specify vrf > <cr> > > > With regards > Kigs > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: [email protected] Web: http://www.nefkensadvies.nl/ Think before you print.
<<image001.gif>>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
