Moving servers to new subnet

The server 172.16.200.2 was moved from behind router R2 (interface f0/1) to behind router R1 (interface f0/1) and now has the address 172.16.100.2. We still want users to be able to connect to it by its old IP address. How do we do it? We can use destination NAT (DNAT). In DNAT terminology, the address of the server is called the VIP.

Here are the initial configurations of R1 and R2:

hostname R2

interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.200.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.1.2 0.0.0.0 area 0


hostname R1

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 172.16.100.1 255.255.255.0
 ip nat inside
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 network 192.168.1.1 0.0.0.0 area 0
!
ip route 172.16.200.2 255.255.255.255 Null0


The old IP address of the server is distributed back to R2, see below:

R2#sh ip route

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.200.0/24 is directly connected, FastEthernet0/1
O E2    172.16.200.2/32 [110/20] via 192.168.1.1, 00:07:26, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
R2#


Now we have to configure DNAT, see below. The NAT pool is limited to a single address because we are not going to use load balancing in this example.

ip nat pool POOL 172.16.100.2 172.16.100.2 prefix-length 24 type rotary
ip nat inside destination list SERVER pool POOL
!
ip access-list extended SERVER
 permit tcp any host 172.16.200.2 range 5000 5100

Now let's check that we can telnet to port 5000 from router R2.

R2#telnet  172.16.200.2 5000
Trying 172.16.200.2, 5000 ...
% Connection timed out; remote host not responding

The connection timed out because I didn't enable port 5000 on the server, but we can verify the translations on R1, see below.

R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 172.16.200.2:5000  172.16.100.2:5000  192.168.1.2:13038  192.168.1.2:13038

So it works!
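
To check the translation table automatically rather than by eye, the following added example (not part of the original article) parses `sh ip nat translations` output and flags any entry for the old address that falls outside ACL SERVER or does not point at the pool address. It assumes the port is preserved, as in the table above; the two extra rows in the sample are constructed.

```python
import ipaddress

# Values taken from the article's configuration.
VIP = "172.16.200.2"        # old address matched by ACL SERVER
REAL = "172.16.100.2"       # only member of NAT pool POOL
PORTS = range(5000, 5101)   # "range 5000 5100" is inclusive

# Constructed sample: the article's entry plus two hypothetical bad rows.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 172.16.200.2:5000  172.16.100.2:5000  192.168.1.2:13038  192.168.1.2:13038
tcp 172.16.200.2:5050  172.16.100.9:5050  192.168.1.2:13040  192.168.1.2:13040
tcp 172.16.200.2:23    172.16.100.2:23    192.168.1.2:13041  192.168.1.2:13041
"""

def split_endpoint(text):
    """Split 'a.b.c.d:port' into (ip string, int port); validates the IP."""
    ip, _, port = text.rpartition(":")
    ipaddress.ip_address(ip)  # raises ValueError on '---' or garbage
    return ip, int(port)

def parse_translations(output):
    """Yield one dict per TCP/UDP row of the translation table."""
    for line in output.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] not in ("tcp", "udp"):
            continue  # header, blank line, or protocol-less static entry
        try:
            yield {"proto": f[0], "inside_global": split_endpoint(f[1]),
                   "inside_local": split_endpoint(f[2])}
        except ValueError:
            continue  # row with '---' placeholders

def audit(output):
    """Return (row, reason) for each VIP translation the config should not produce."""
    findings = []
    for row in parse_translations(output):
        g_ip, g_port = row["inside_global"]
        l_ip, l_port = row["inside_local"]
        if g_ip != VIP:
            continue
        if row["proto"] != "tcp" or g_port not in PORTS:
            findings.append((row, "outside ACL SERVER (tcp 5000-5100)"))
        elif (l_ip, l_port) != (REAL, g_port):
            findings.append((row, "not mapped to pool POOL on the same port"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result means every translation for 172.16.200.2 matches what the ACL and pool are meant to allow.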