Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Background Information
Access List Approach
Host 1 to Host 2
Host 1 to Host 3
Route Map Approach
Host 1 to Host 2
Host 1 to Host 3
Related Information
Introduction
This document explains how the use of access lists versus route maps changes the functionality of Network Address Translation (NAT). For more information on NAT, see Cisco IOS NAT.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
- Cisco 2500 Series Routers.
- Cisco IOS® Software Release 12.3(3).
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Background Information
NAT only uses access lists and route maps when it needs to create a translation entry. If a translation entry that matches the traffic already exists, that entry is used and no access list or route map is consulted. The difference between using an access list and a route map is the type of translation entry that is created.
Route Maps
When NAT uses a route map to decide to create a translation entry, it will always create a "fully extended" translation entry. This translation entry will contain both the inside and outside (local and global) address entries and any TCP or UDP port information. Refer to NAT: Local and Global Definitions for more information on inside and outside (local and global) addresses.
Access Lists (no overload)
When NAT uses an access list to decide to create a translation entry, it will create a "simple" translation entry. This "simple" entry will only contain local and global IP address entries for just the inside or outside depending on whether the ip nat inside or ip nat outside command is configured. Also, it will not include any TCP or UDP port information.
Access Lists (with overload)
When NAT uses an access list, and overload has also been specified, NAT will create a "fully extended" translation entry. (Refer to Note 1.) The operation is similar to the route-map case except that route-map has some additional features. Refer to Note 2 for more details. You can see an example of a simple NAT translation entry and a fully extended NAT translation entry by selecting one of the links below:
- Simple NAT translation entry
- Fully extended NAT translation entry
Below is an example network diagram we will use to illustrate the difference between using a route map and an access list with NAT.

In the example network diagram above, it is required that hosts on 10.1.1.0 be translated to the following:
- 131.108.2.0 when going to 131.108.1.0
- 131.118.2.0 when going to 131.118.1.0
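The Background Information rules applied to this requirement, as an added example that is not from the original document and is not Cisco IOS code: a simplified Python model of the translation table (ports, timeouts and pool exhaustion are omitted). It shows that a simple entry created for the first destination is reused for the second, while a fully extended entry is not. The Nat class, the demo function and the host addresses are constructed for illustration.

```python
import ipaddress

# Constructed model of the rules in Background Information; not Cisco IOS code.
# Policy from the page: 10.1.1.0 -> 131.108.2.0 when going to 131.108.1.0,
#                       10.1.1.0 -> 131.118.2.0 when going to 131.118.1.0.
POLICY = [
    (ipaddress.ip_network("131.108.1.0/24"), ipaddress.ip_network("131.108.2.0/24")),
    (ipaddress.ip_network("131.118.1.0/24"), ipaddress.ip_network("131.118.2.0/24")),
]

class Nat:
    def __init__(self, extended):
        self.extended = extended   # True: route map (or overload); False: access list
        self.table = {}            # translation entries: key -> inside global
        self.next_host = {pool: 1 for _, pool in POLICY}

    def _key(self, src, dst):
        # A simple entry records only the inside local address; a fully
        # extended entry also records the outside address (ports omitted).
        return (src, dst) if self.extended else (src,)

    def translate(self, src, dst):
        key = self._key(src, dst)
        if key in self.table:      # existing entry is used; policy is not consulted
            return self.table[key]
        for dest_net, pool in POLICY:  # consulted only to create a new entry
            if ipaddress.ip_address(dst) in dest_net:
                inside_global = str(pool.network_address + self.next_host[pool])
                self.next_host[pool] += 1
                self.table[key] = inside_global
                return inside_global
        return src                 # no policy match: packet is not translated

def demo(extended):
    """Same inside host sends to each destination network in turn."""
    nat = Nat(extended)
    host = "10.1.1.1"              # constructed inside local address
    return [nat.translate(host, "131.108.1.2"),   # constructed destinations
            nat.translate(host, "131.118.1.2")]

if __name__ == "__main__":
    print("access list (simple entries):  ", demo(False))
    print("route map (fully extended):    ", demo(True))
```

In the access-list case the second flow leaves with a 131.108.2.0 address even though the requirement calls for 131.118.2.0, which is the failure to check for when auditing a NAT policy that depends on the destination.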
Access List Approach
With an access list approach, you would do the following to translate the hosts on 10.1.1.0:
ip nat pool pool108 131.108.2.1 131.108.2.254 prefix-length 24
!--- Defines a pool of global addresses to be allocated as needed.
ip nat pool pool118 131.118.2.1 131.118.2.254 prefix-length 24
ip nat inside source list 108 pool pool108
!--- Establishes dynamic source translation, specifying the
!--- access list defined below.