How to use Cisco's NAT

Does anyone know where there are some pointers on using the 11.2 NAT stuff
with Cisco? Also if it works worth anything? I've been searching cio for
some info, but so far no examples...

Also, does it work with 2501? Specifically I am working on setting up
part of my BGP space with very small IP blocks for customers but with a
NAT on the front end (if it works worth anything) so that I don't have to
play the "I need more address space" game with customers. Also the problems
associated with customers changing IP providers are starting to go up as
well...

Marcos

      '''
     (o o)
-oOO--(_)--OOo--------------------------------mdella @ cstone.com-----
Marcos R. Della http://www.cstone.com/~mdella

Marcos Della wrote:

> Does anyone know where there are some pointers on using the 11.2 NAT

I've installed it for going on 6 sites now. There are a couple of
quirks on the 1600 (bug) and 2500, but for the most part it
works pretty well. We cut over one site with 250 workstations and
30 remote sites from one internet provider to another in 5 minutes.

I've had zero problems with NAT on the 3600 and 4500 series.

One possible design flaw is that it translates DNS queries (packet
payload), but not zone transfers. This presents a problem if you
have a primary DNS server inside and a secondary outside.
I think this is scheduled to be fixed.

Cisco had a few tips for me on a quirky problem...
1. Use a normal access-list (nonextended) for the NAT list.
2. For small sites, overload a single public address rather than many.
3. Don't put an internal, publicly addressable network as "outside"
  if you don't have to.
4. For right now, avoid using any statically mapped addresses for
  surfing the net if you can. There is a bug where a statically
  mapped address will also grab a pool address for outgoing
  connections and then problems will crop up when both are being
  used.

I can include some sample configs privately through email if anyone
wants.

allan
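
A minimal IOS 11.2-style configuration that follows the four tips in the reply above. This is an added example, not a config from either poster; the interface names, the pool name ONE-ADDR and all addresses (documentation ranges) are constructed placeholders.

```cisco
! Constructed example. Inside LAN uses private space; a single public
! address (192.0.2.1) is assumed to be routed to this router by the provider.
!
interface Ethernet0
 description Customer LAN (private addressing)
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! Tip 3: only the provider-facing link is marked "outside".
interface Serial0
 description Link to provider
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Tip 1: a standard (non-extended) access list selects who gets translated.
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Tip 2: a pool holding one public address, shared by all inside hosts
! through port translation ("overload").
ip nat pool ONE-ADDR 192.0.2.1 192.0.2.1 netmask 255.255.255.252
ip nat inside source list 1 pool ONE-ADDR overload
!
! Tip 4: no "ip nat inside source static ..." entries are defined for
! hosts that also match access-list 1, so no host ends up with both a
! static mapping and a pool translation for outgoing connections.
!
ip route 0.0.0.0 0.0.0.0 Serial0
```

After loading it, `show ip nat translations` and `show ip nat statistics` show whether inside hosts are being mapped to the single pool address.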