| IOS config: NAT on a stick |
 |
 |
 |
| Written by Alexei Spirin | ||
| Sunday, 03 February 2008 20:26 | ||
|
The wonderful thing about security stuff on IOS routers is that you can do something that is impossible and even unthinkable on PIX/ASA. That's why sometimes cisco says that IOS is flexible ;). The excellent example of IOS flexibility is a 'NAT on a stick' trick. Let's imagine a single subnet with three routers in it. Forget about routes, default gateways, ospf, etc. Single subnet is all we need, let's take 192.0.2.0/24 for example. Every router has an IP-address: the first R1 has 192.0.2.1; the second R2 has 192.0.2.2; and the third R3 has 192.0.2.3. And we need two more IP-addresses: .11th and .33rd The task Please give an answer. Whether the R1 can ping the R3 with destination IP 192.0.2.33 or not? Whether the R3 can ping R1 with destinational IP 192.0.2.11 or not?Additional requirements - when the R1 does the ping to the R3, R3 must see packets coming from .11 and vice versa (R3 pings R1 with source IP .33). You can not change R1 and R3 configs. You can not use PBR. VoilĂ ! If you are ready to answer and/or want to see soluton just click anywhere on the table below.
That is all we need to solve this simple but very tricky task :). |
||
| Last Updated on Saturday, 25 October 2008 10:16 |