Monday, January 30, 2006

 

Reverse-engineering some Cisco IOS NAT configuration. (Question #5)

Consider the following output from "show running" on a router that has only one physical interface (Ethernet 0) in up/up state. There is also a loopback interface, along with some NAT-related configuration.


interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet0
 ip address 5.1.1.3 255.255.255.0
 no ip redirects
 ip nat outside
 ip policy route-map NAT
 no keepalive
!
ip nat inside source static 10.10.10.1 100.100.100.1
ip nat outside source static 20.20.20.1 200.200.200.1
ip route 10.10.10.0 255.255.255.0 5.1.1.1
ip route 20.20.20.0 255.255.255.0 5.1.1.2
ip route 100.100.100.0 255.255.255.0 5.1.1.1
ip route 200.200.200.0 255.255.255.0 5.1.1.2
!
!
access-list 101 permit ip host 10.10.10.1 host 200.200.200.1
access-list 101 permit ip host 20.20.20.1 host 100.100.100.1
!
route-map NAT permit 10
 match ip address 101
 set ip next-hop 1.1.1.2
!


The config extract above is all the useful configuration from the router. Can you figure out what useful end result this configuration on the router is achieving?

Please post your answers in the comments.

Comments:
It's complicated. There might be someone who can answer it.
But I guess...
This router will NAT only IP packets communicating between 10.10.10.1 and 20.20.20.1.
For instance, one IP packet sent from router 5.1.1.1, whose src. field is 10.10.10.1 and dst. IP field is 200.200.200.1, will be NATed at this router (10.10.10.1 --> 100.100.100.1 and 20.20.20.1 --> 200.200.200.1) and routed to gateway 5.1.1.2.

It seems this router acts as a NAT station ^_^
 