Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Desperately trying to understand Nat

Posted on 2004-08-10
3
Medium Priority
?
192 Views
Last Modified: 2010-04-17
I'm setting up a Cisco 2600 series router that will connect two sites together with a private line.  Each client wants to use their own block of IPs to access certain systems, so client #1 has dedicated 12.4.xxx.xxx (not sure why but the customer has chosen to use public IPs)to access customer #2 fileserver and 12.4.xxx.xxx to access customer #1 mail server.  Customer #2 wants to translate their IPs to a private IP address before allowing it to route internally.  So the picture looks something like this:

Customer #1 ---->12.4.xxx.xxx  ---->Customer #2 ---->192.168.xxx.xxx ---->System #1

Call me simple-minded but natting has always been a little confusing to me.  I'm not sure where to do the natting here, on both routers or just one?  Am I changing the source Address or the destination address?  I hope this makes sense.....
0
Comment
Question by:sunny10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 11

Accepted Solution

by:
Quetzal earned 375 total points
ID: 11771374
NAT will only apply to Customer #2.    You can configure the router in two ways.  (1) associate a unique public ip addr with a private addr, (2) associate a single public ip addr with multiple private addr's but forward specific ports to specific private addr's.  You could mix both modes too.  Method #2 is commonly referred to generically as NAT.

In method 1, the private ip addr from Customer #2 are changed to the public ip addr.  Traffic to Customer #2 will change the destination addr.  Traffic from Customer #2 will change the source addr.  The source and destination ports will not be translated.

In method 2, the combination of the private ip addr/port number from Customer #2 is changed to a unique combination of public ip addr/port number.  Traffic to Customer #2 will change the destination public ip/port to private ip/port.  Traffic from Customer #2 will change the source addr.  Port forwarding affects only traffic to Customer #2.  Traffic to the destination public ip/fwded port will be changed to the private ip/port specified in the forwarding rule.  Note that the source and destination ports are translated.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 11771394
In method 2, the third sentence should read: Traffic from Customer #2 will change the source private ip addr/port to public ip/port (where the public ip port will be unique to all open connections at the time of the packet transmission).
0
 

Author Comment

by:sunny10
ID: 11849140
ok, so I created a route-map on customer #2's router.  the route map looks at the source and destination address coming from customer #1 and hands out an address based on the access-list.  I placed 'ip nat inside' on the E0 interface and 'ip nat outside' on the serial port.  Do I need to create a route-map on customer #1's router as well, or does the ip source outside take care of translating it back to its original source address?  The route map isn't working right now but I think it has to do with the firewall and not the list (I think).
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question