• Status: Solved

Desperately trying to understand NAT

I'm setting up a Cisco 2600 series router that will connect two sites together with a private line. Each client wants to use their own block of IPs to access certain systems, so client #1 has dedicated 12.4.xxx.xxx (not sure why but the customer has chosen to use public IPs) to access customer #2 fileserver and 12.4.xxx.xxx to access customer #1 mail server. Customer #2 wants to translate their IPs to a private IP address before allowing it to route internally. So the picture looks something like this:

Customer #1 ---->12.4.xxx.xxx  ---->Customer #2 ---->192.168.xxx.xxx ---->System #1

Call me simple-minded but natting has always been a little confusing to me. I'm not sure where to do the natting here, on both routers or just one? Am I changing the source address or the destination address? I hope this makes sense...
Asked: sunny10
1 Solution

Quetzal Commented:
NAT will only apply to Customer #2. You can configure the router in two ways: (1) associate a unique public ip addr with a private addr, (2) associate a single public ip addr with multiple private addrs but forward specific ports to specific private addrs. You could mix both modes too. Method #2 is commonly referred to generically as NAT.

In method 1, the private ip addrs from Customer #2 are changed to the public ip addr. Traffic to Customer #2 will change the destination addr. Traffic from Customer #2 will change the source addr. The source and destination ports will not be translated.

In method 2, the combination of the private ip addr/port number from Customer #2 is changed to a unique combination of public ip addr/port number.  Traffic to Customer #2 will change the destination public ip/port to private ip/port.  Traffic from Customer #2 will change the source addr.  Port forwarding affects only traffic to Customer #2.  Traffic to the destination public ip/fwded port will be changed to the private ip/port specified in the forwarding rule.  Note that the source and destination ports are translated.
Quetzal Commented:
In method 2, the third sentence should read: Traffic from Customer #2 will change the source private ip addr/port to public ip/port (where the public ip port will be unique to all open connections at the time of the packet transmission).
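The two methods described in the answer above, as an added Python model that is not part of the original posts and is not router code. The addresses are constructed stand-ins for the elided 12.4.xxx.xxx and 192.168.xxx.xxx blocks, the class names are hypothetical, and the PAT table is keyed on the inside address/port only, which is simpler than a real router's translation table.

```python
from dataclasses import dataclass, replace

# Constructed addresses: 12.4.0.x stands in for the elided public block,
# 192.168.1.x for Customer #2's private range, 12.4.9.9 for a Customer #1 host.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class StaticNat:
    """Method 1: one public address per private address; ports untouched."""
    def __init__(self, private_to_public):
        self.out = dict(private_to_public)
        self.inn = {pub: priv for priv, pub in self.out.items()}
    def outbound(self, p):   # leaving Customer #2: source address rewritten
        return replace(p, src=self.out[p.src])
    def inbound(self, p):    # entering Customer #2: destination address rewritten
        return replace(p, dst=self.inn[p.dst])

class Pat:
    """Method 2: private hosts share one public address; ports are rewritten."""
    def __init__(self, public_ip, forwards, first_port=1024):
        self.public_ip = public_ip
        self.forwards = dict(forwards)   # public port -> (private ip, port)
        self.fwd_rev = {v: k for k, v in self.forwards.items()}
        self.by_inside, self.by_public = {}, {}
        self.next_port = first_port
    def outbound(self, p):
        key = (p.src, p.sport)
        if key in self.fwd_rev:          # reply from a port-forwarded server
            return replace(p, src=self.public_ip, sport=self.fwd_rev[key])
        if key not in self.by_inside:    # allocate a public port not already in use
            while self.next_port in self.by_public or self.next_port in self.forwards:
                self.next_port += 1
            self.by_inside[key] = self.next_port
            self.by_public[self.next_port] = key
        return replace(p, src=self.public_ip, sport=self.by_inside[key])
    def inbound(self, p):
        target = self.by_public.get(p.dport) or self.forwards.get(p.dport)
        if p.dst != self.public_ip or target is None:
            return None                  # no translation entry: nothing to deliver to
        return replace(p, dst=target[0], dport=target[1])
```

Inbound packets that match neither an open translation nor a forwarding rule come back as `None`, which is why only the forwarded ports of a method 2 address are reachable from Customer #1's side.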
sunny10 (Author) Commented:
OK, so I created a route-map on customer #2's router. The route map looks at the source and destination address coming from customer #1 and hands out an address based on the access-list. I placed 'ip nat inside' on the E0 interface and 'ip nat outside' on the serial port. Do I need to create a route-map on customer #1's router as well, or does the ip source outside take care of translating it back to its original source address? The route map isn't working right now but I think it has to do with the firewall and not the list (I think).