It is very likely it was working because you only tested from 1 IP address. This once happened to a customer. He said he had configured NAT and it was working before and as soon as he put another host, it didnt work anymore...
-- Willians Barboza CCIE Security # 25629 2010/4/7 Tyson Scott <[email protected]> > That is correct Pieter-Jan > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Pieter-Jan > Nefkens > *Sent:* Wednesday, April 07, 2010 1:35 PM > *To:* Brandon Carroll > *Cc:* Kingsley Charles; [email protected] > *Subject:* Re: [OSL | CCIE_Security] NAT with overload > > > > HI Brandon, Kings, > > > > If I remember correctly, if you do not specify overload, the first ip that > is matched from the access-list is natted to the external address, leaving > the other potential devices being unable to access the network. When the > nat-timeout occurs, the global ip address becomes available again. It is > comparible with the global pool for nat, but then with just one ip-address. > > > > E.g. nat is being applied. > > When using the overload keyword, pat is being used. > > > > > > You can compare it with the global command on the pix / asa. > > If you specify global (outside) 1 ip1-ip2 > > than the first two devices accessing the network are being translated, the > third one basically has bad luck until one of the first nat entries time > out. Thats why I (almost) always configure a global (outside) 1 ip3 as well, > so that PAT is occuring as well. > > > > Just a tip, if you don't know it yet. > > > > If you do a command like > > "ip nat inside source 123 int dialer1 overload" > > remember to also put a > > "ip nat inside source static tcp <internalipofrouter> 22 int dialer1 22 > extendable" > > in it as well. Otherwise you won't be able to remotely login to your DSL > router/modem, as the dynamic nat would take presedence. > > > > > > I think it could even a troubleshouting item in the lab as well.. > > > > HTH > > PIeter-Jan > > > > > > > > On 7 apr 2010, at 18:37, Brandon Carroll wrote: > > > > Kings, > > > > I believe the IOS automatically overloads now if you don't specify. Older > IOS you had to use the overload command. > > > Regards, > > > > Brandon Carroll - CCIE #23837 > > Senior Technical Instructor - IPexpert > > Mailto: [email protected] > > Telephone: +1.810.326.1444 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > > > > > On Apr 7, 2010, at 9:11 AM, Kingsley Charles wrote: > > > > Hi Brandon > > > > IOS accepts the following command without "overload" keyword. Isn't the > following PAT? > > > > ip nat source list 123 interface g0/0 > > > > > > > > > > With regards > > Kings > > On Wed, Apr 7, 2010 at 9:38 PM, Brandon Carroll <[email protected]> > wrote: > > Overload takes you from using NAT to using PAT. > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > > On Apr 7, 2010, at 9:06 AM, Kingsley Charles wrote: > > > Hi all > > > > When we configure as following, all addresses matching 123 will be > translated to g0/0 and that is PAT. Port numbers are used to distinguish > each hosts. > > > > ip nat source list 123 interface g0/0 > > > > > > What does overload do? > > > > > > router1(config)#ip nat source list 123 interface g0/0 ? > > overload Overload an address translation > > vrf Specify vrf > > <cr> > > > > router1(config)#ip nat source list 123 pool addr ? > > overload Overload an address translation > > vrf Specify vrf > > <cr> > > > > > > With regards > > Kigs > > > > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > --- > > Nefkens Advies > > Enk 26 > > 4214 DD Vuren > > The Netherlands > > > > Tel: +31 183 634730 > > Fax: +31 183 690113 > > Cell: +31 654 323221 > > Email: [email protected] > > Web: http://www.nefkensadvies.nl/ > > > Think before you print. > > > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
<<image001.gif>>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
