Tag Archives: ios_nat

Source and Destination NAT with IOS VPN

Last week’s article, IOS VPN and Overlapping IP addresses, looked at the art of dealing with address overlap by leveraging our knowledge of source NAT. That article demonstrated a solution when the parties responsible for both VPN devices have the … Continue reading

Posted in CCIE Security, CCNA Security, Certification, Network, Technology | Tagged , , | 7 Comments

IOS VPN and Overlapping Addresses

In an ideal world, we’d not have to deal with IP address overlap. However, there are many factors that may require us to do so. These factors include things like acquisitions, mergers or partner relationships. When the need to address … Continue reading

Posted in CCIE Security, Certification, Network, Security, Technology | Tagged , , | 6 Comments

VRFing 103, Using NAT Virtual Interfaces for Global Reachability

The last few technical articles I’ve written have been around the topic of VRFs. VRF, short for Virtual Routing an Forwarding, is basically a way to carve out areas of isolation in your router. The way this is accomplished is … Continue reading

Posted in Network, Technology | Tagged , , , | 12 Comments

VRFing 102, Providing Internet Access With Dynamic PAT

Last week I wrote an article called VRFing 101, Understanding VRF Basics. This was a short and simple introduction into a technology that provides tremendous flexibility for network designers. With flexibility, complexity always follows. This is true in the case … Continue reading

Posted in Network, Technology | Tagged , , , , | 6 Comments

Hairpinning Internet and VPN Traffic in Cisco IOS with NAT

This week I wanted to address a concept that comes up occasionally. This is the concept of hair-pinning Internet traffic through a VPN. For this particular case study, we will use an IOS based Cisco router to terminate both ends … Continue reading

Posted in Network, Security, Technology | Tagged , , , , , | 21 Comments

Old School Method of IOS Static NAT Exemption

Last week, I wrote an article that demonstrated the challenges of static NAT when combined with VPNs using RFC1918 address space. We created exemptions using route-maps within the static nat statements. Cisco didn’t introduce route-maps for static translations until 12.2(4)T. … Continue reading

Posted in Network, Security | Tagged , , , , , , , | 1 Comment

Exempting Static Translations in IOS NAT

Last week I wrote an article that defined the need for NAT exemption. This article used the example of a single device that terminated a VPN to a network that used the RFC1918 private address on the remote side. Additionally, … Continue reading

Posted in Network, Security | Tagged , , , , , , , | 3 Comments