Monday, January 30, 2006

 

Reverse-engineering some Cisco IOS NAT configuration. (Question #5)

Consider the following output from "show running" on a router that has only one physical interface (Ethernet 0) in the up/up state. There is also a loopback interface, along with some NAT-related configuration.


interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet0
 ip address 5.1.1.3 255.255.255.0
 no ip redirects
 ip nat outside
 ip policy route-map NAT
 no keepalive
!
ip nat inside source static 10.10.10.1 100.100.100.1
ip nat outside source static 20.20.20.1 200.200.200.1
ip route 10.10.10.0 255.255.255.0 5.1.1.1
ip route 20.20.20.0 255.255.255.0 5.1.1.2
ip route 100.100.100.0 255.255.255.0 5.1.1.1
ip route 200.200.200.0 255.255.255.0 5.1.1.2
!
!
access-list 101 permit ip host 10.10.10.1 host 200.200.200.1
access-list 101 permit ip host 20.20.20.1 host 100.100.100.1
!
route-map NAT permit 10
 match ip address 101
 set ip next-hop 1.1.1.2
!


The config extract above is all the useful configuration from the router. Can you figure out what useful end result this configuration on the router is achieving?

Please post your answers in the comments.
