<

Moving servers to new subnet

Published on
11,573 Points
5,473 Views
1 Endorsement
Last Modified:
Approved
New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT terminology the address  of the server is called VIP.

Here are initial configurations of R1 and R2

hostname R2

interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.200.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.1.2 0.0.0.0 area 0


hostname R1

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 172.16.100.1 255.255.255.0
 ip nat inside
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 network 192.168.1.1 0.0.0.0 area 0
!
ip route 172.16.200.2 255.255.255.255 Null0

Open in new window


Old IP address of server is distributed back to R2 , see below

R2#sh ip route

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.200.0/24 is directly connected, FastEthernet0/1
O E2    172.16.200.2/32 [110/20] via 192.168.1.1, 00:07:26, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
R2#

Open in new window


Now we have to configure DNAT, see below. NAT POOL is limited to only one address , because we're not going to use load-balancing in this example

ip nat pool POOL 172.16.100.2 172.16.100.2 prefix-length 24 type rotary
ip nat inside destination list SERVER pool POOL
!
ip access-list extended SERVER
 permit tcp any host 172.16.200.2 range 5000 5100

Now let's check that we can telnet to port 5000 from router R2.

R2#telnet  172.16.200.2 5000
Trying 172.16.200.2, 5000 ...
% Connection timed out; remote host not responding

Connection is timeouted because I didn't enable port 5000 on server, but we can verify translations on R1, see below.

R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 172.16.200.2:5000  172.16.100.2:5000  192.168.1.2:13038  192.168.1.2:13038

So it works !
1
Author:irom77
Enjoy this complimentary article view.

Get unlimited access to our entire library of technical procedures, guides, and tutorials written by certified industry professionals.

Get 7 days free
Click here to view the full article

Using this article for work? Experts Exchange can benefit your whole team.

Learn More
COLLABORATE WITH CERTIFIED PROFESSIONALS
Experts Exchange is a tech solutions provider where users receive personalized tech help from vetted certified professionals. These industry professionals also write and publish relevant articles on our site.
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Learn from the best.