Solved

NAT and route between VLAN

Posted on 2008-10-24
4
779 Views
Last Modified: 2010-04-21
Hi,

i need to NAT traffic coming from the 192.168.1.0 network outgoing to 172.16.0.0 and 192.168.99.0 as one ip adress in the 192.168.2.0 network so the router at 192.168.2.254 will not see the real 192.168.1.0 address

I already NAT the traffic of the 192.168.1.0 to the outside interface (FE0)

Here's a part of the config


!
interface FastEthernet0
 description $ES_WAN$
 ip address dhcp client-id FastEthernet0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
 switchport access vlan 2
!
interface FastEthernet6
 switchport access vlan 2
!
interface FastEthernet7
 switchport access vlan 2
!
interface FastEthernet8
 switchport access vlan 2
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 ip address 192.168.1.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 192.168.2.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 Vlan1 permanent
ip route 192.168.2.0 255.255.255.0 Vlan2 permanent
ip route 172.16.0.0 255.255.0.0 192.168.2.254 permanent
ip route 192.168.99.0 255.255.255.0 192.168.2.254 permanent
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
!


0
Comment
Question by:fox54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 8

Expert Comment

by:MrJemson
ID: 22802101
Change:
interface Vlan2
 ip address 192.168.2.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly

To:

interface Vlan2
 ip address 192.168.2.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly
0
 

Author Comment

by:fox54
ID: 22802344
I think that it will NAT the traffic from 192.168.1.0 to 192.168.2.0  ???
i need only to NAT traffic from 192.168.1.0 to 172.16.0.0. and 192.168.99.0 (using router on 192.168.2.254)

The traffic from 192.168.1.0 to 192.168.2.0 must not be NAT

Will the traffic from 192.168.2.0 continue to be NAT when going out on FE0 ??

0
 
LVL 8

Accepted Solution

by:
MrJemson earned 125 total points
ID: 22809011
Hello,

I believe I misunderstood your intentions.
I now believe you are tyring to do the following:

Route traffic to the 172.16.0.0 and 192.168.99.0 networks, via 192.168.2.254, but NAT the traffic?

This cannot be done without NAT'ing the entire 192.168.1.0 subnet to the 192.168.2.0 network.
If you must not NAT between 192.168.2.0 and 192.168.1.0, im afraid you are out of luck.

However, if you can NAT .1.0 to .2.0, to answer your earlier question, Yes, you will still NAT out FE0.
0
 

Author Closing Comment

by:fox54
ID: 31509844
Well i think i will be out of luck then
I will be able to live with it
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question