I suspect it is to prevent a DoS type attack; something like the PIX not
responding to ARP's that it announces.
It would make my life a lot easier if the PIX would be smart enough to
resolve it internally; we are having an issue now with inter-interface
communication that I suspect is related.
to
IF100 you use external addresses and all ACL's are applied ..
however going from IF100 to IF20 you need to set a NAT statement and a
global statement and then use INTERNAL addresses. ... I wish there was a
way to use external addresses in both 'directions' ... or to have
the PIX act as above and accept these connections>.
If I am incorrect *please* let me know ... would make my life easier in so
many ways ...
Thanks!
TJ
-----Original Message-----
From: Justin Emilio [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 03, 2001 14:53
To: [EMAIL PROTECTED]
Subject: Re: IP NAT Issue [7:3073]
I still don't understand why I shouldn't be able to translate an address
from one interface and out the same interface. I use that interface as my
gateway for private addresses, so it will obviously will not be able to use
the hub to get out on the internet. It seems like a limitation from Cisco
that will not allow the "ip nat inside" and "ip nat outside" command to be
placed on one interface. If I am wrong and this logically cannot work please
fill me in. I just don't understand why I couldn't do that.
Justin Emilio
Tech Support
CCNP, CCNA, CCDA, CSE
MM Internet 888-654-4971
----- Original Message -----
From: "Daniel Cotts"
To:
Sent: Thursday, May 03, 2001 11:10 AM
Subject: RE: IP NAT Issue [7:3073]
> No you can't. The hub is just that - a hub. There is only one interface.
If
> you connected to the Internet via your serial port then the following
config
> should work. If you need ethernet on the Internet side, then time to buy a
> router with two ethernet interfaces.
>
> ip nat inside source list 1 interface Serial0 overload
>
> interface serial 0
> ip address aaa.xxx.yyy.zzz 255.255.255.0
> ip nat outside
>
> interface Ethernet0
> ip address 9.114.11.39 255.255.255.0
> ip nat inside
>
> access-list 1 permit 9.114.11.0 0.0.0.255
>
> > -----Original Message-----
> > From: Justin Emilio [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 03, 2001 12:46 PM
> > To: [EMAIL PROTECTED]
> > Subject: IP NAT Issue [7:3073]
> >
> >
> > I am using a Cisco 2505 router which has a built in 8 port
> > hub. This hub
> > acts as 1 ethernet interface and I would like to use NAT to
> > allow a network
> > that is connected to the built in hub to be able to connect out to the
> > internet through another port on the hub using 1 globally
> > routable address
> > with overloading. I tried using both "ip nat inside" and "ip
> > nat outside" on
> > the ethernet interface, but you can only use one of those
> > commands on an
> > interface. I played with different configurations yesterday
> > and couldn't get
> > any to work correctly. Should I be able to accomplish this?
> > If anyone could
> > help that would be greatly appreciated. Thanks
> >
> >
> > Justin Emilio
> > Tech Support
> > CCNP, CCNA, CCDA, CSE
> > MM Internet 888-654-4971
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct
> > and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3090&t=3073
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
