peterelvidge
asked on
Nat Problem
Hi, got a bit of a NAT problem -- hope someone can help.
The main reason why I need to do this is because the devices on the inside network do not have a default gateway.
Here is the scenario:
Inside network = 192.168.2.0 /24
There is a router connected to this with IP address 192.168.2.245
I need the inside network to be able to send traffic to other subnets -- I was hoping to achieve this by NAT.
If a packet comes from another subnet, example 10.10.10.5 -- is it possible by using NAT to adjust the source destination such that it looks like the packet comes from 192.168.2.245, thus no default gateway needed on the machines on that subnet to reach 10.10.10.5?
Many thanks
also what router are we looking at? Make.
Cheers,
Rajesh
ASKER
I need to do this because the devices on the 192.168.2.0 /24 subnet do not have a default gateway set -- and I need other devices to reach them somehow. I'm not new to routing/switching by the way -- router is fine -- can do NAT etc.
Unless you tell the router name how do you expect us to give the configuration required for it?
Also it is not as simple as you might think.
Cheers,
Rajesh
ASKER
Hey Rajesh,
If the router can do all the possible NAT commands (I'm using advancedIpservices IOS) -- what does it matter what router it is?
All I was looking for was a theoretical NAT solution to the actual scenario.
I have drawn it out here for clarity:
nat-problem.JPG
Dude, there are different router vendors. Without you telling me that you have a Cisco router (now you did), how do you expect me to give you a configuration example and if it would work or not? Not just NAT is involved here; proxy ARP etc. matters.
int fa0/0
ip nat inside
int fa0/1
ip nat outside
ip nat inside source list 1 int fa0/1 overload
access-list 1 permit 10.10.10.5 <wildcard mask>
Basically looking at your diagram, you only have these 2 subnets connected. The above config will convert all the traffic into fa0/1 ip address (192.168.2.245, port translation ) and send it to 192.168.2.0 network.
Cheers,
Rajesh
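The port translation described in the reply above, modelled as an added Python example (not code from the thread or from Cisco). It shows why a host with no default gateway can answer a translated packet, and that a connection started from the 192.168.2.0/24 side finds no translation entry. The /32 match for list 1, the sequential port allocation and the sample packets are assumptions.

```python
import ipaddress

ROUTER_OUTSIDE_IP = "192.168.2.245"                   # fa0/1 address in the thread
HOST_SUBNET = ipaddress.ip_network("192.168.2.0/24")  # hosts with no default gateway
ACL_1 = ipaddress.ip_network("10.10.10.5/32")         # assumed: list 1 matches only this host


class Pat:
    """Toy model of 'ip nat inside source list 1 int fa0/1 overload'."""

    def __init__(self, first_port=1024):   # sequential ports: a simplification
        self.next_port = first_port
        self.by_inside = {}                # (proto, src_ip, src_port) -> translated port
        self.by_port = {}                  # (proto, translated port) -> (src_ip, src_port)

    def outbound(self, pkt):
        """fa0/0 (nat inside) -> fa0/1 (nat outside): rewrite the source."""
        proto, src, sport, dst, dport = pkt
        if ipaddress.ip_address(src) not in ACL_1:
            return pkt                     # not matched by list 1: left untranslated
        key = (proto, src, sport)
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.by_port[(proto, self.next_port)] = (src, sport)
            self.next_port += 1
        return (proto, ROUTER_OUTSIDE_IP, self.by_inside[key], dst, dport)

    def inbound(self, pkt):
        """fa0/1 -> fa0/0: restore the destination, or None if no entry exists."""
        proto, src, sport, dst, dport = pkt
        entry = self.by_port.get((proto, dport))
        if dst != ROUTER_OUTSIDE_IP or entry is None:
            return None
        return (proto, src, sport, entry[0], entry[1])


def reply_is_on_link(pkt):
    """A host without a default gateway can only send to on-link destinations."""
    return ipaddress.ip_address(pkt[3]) in HOST_SUBNET


def demo():
    nat = Pat()
    request = ("tcp", "10.10.10.5", 40000, "192.168.2.5", 23)   # constructed sample
    seen = nat.outbound(request)                  # what 192.168.2.5 receives
    reply = ("tcp", "192.168.2.5", 23, seen[1], seen[2])
    new_conn = ("tcp", "192.168.2.5", 5000, ROUTER_OUTSIDE_IP, 5555)  # host-initiated
    return seen, reply_is_on_link(reply), nat.inbound(reply), nat.inbound(new_conn)
```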
ASKER
Hey Raj,
Thanks for the reply. It would work; however, there is a slight complication to this: I have the inside and outside statements already placed in the reverse direction as I am statically translating 192.168.2.5 to 10.40.1.5 (I don't want host 10.10.10.5 to see the real address).
ip nat inside source static 192.168.1.5 10.40.1.5
Is it possible I could use your NAT example above in reverse somehow -- doing your overload statement yet keeping my static translate?
Many thanks for your time.
ASKER
You would want to set up the interface 192.168.2.245 as an overload interface (this assumes you are using a Cisco device).
If this is not Cisco, then you need to set up whatever router you are using so that it does many-to-one NAT for traffic that is coming from the outside network to the inside network.
The problem you will have is that nothing from the 192.168.2.0/24 subnet will be able to initiate connections to devices in the other subnet unless you set up one-to-one NATs or PATs.
no issues, try it this way;
int fa0/0
ip nat outside
int fa0/1
ip nat inside
ip nat inside source static 192.168.2.5 10.40.1.5
ip nat outside source list 1 int fa0/1 overload
access-list 1 permit 10.10.10.0 <wildcard mask>
I'm not 100% sure on this but try this. I live in a different part of the world and am going to hit the sack now. Post back and I'll look at it tomorrow morning.
Cheers,
Rajesh
ASKER
'ip nat outside source list 1 int fa0/1 overload'
This statement doesn't seem to work the same as the inside version...
This is what I get when I try to put it in:
ROUTER(config)#ip nat outside source list 1 ?
pool Name pool of local addresses
ASKER
Raj, any thoughts?
Try the ip nat outside command as below;
ip nat outside source list 1 pool Net192 add-route
ip nat pool Net192 192.168.2.x 192.168.2.y netmask <netmask>
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml
Also look into the link above.
Here the pool defined should be IP addresses that are not already used.
Cheers,
Rajesh
ASKER
Hasn't seemed to work.
Here is a show ip nat translation when I do a ping from the 10.10.10.5 host:
Pro   Inside global     Inside local       Outside local     Outside global
icmp  10.43.8.20:152    192.168.1.20:152   10.10.10.5:152    10.10.10.5:152
ASKER
Just want to add that the addressing has changed a bit:
192.168.2.x = 192.168.1.x
10.40.1.x = 10.43.8.x
Sorry, am doing this in a lab.
ASKER
Here is the topology now, as well as the config:
interface FastEthernet0/0
ip address 10.99.13.250 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.245 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 10.99.13.251 name Default-route
!
!
ip nat pool NET192 192.168.1.243 192.168.1.244 netmask 255.255.255.0
ip nat inside source static 192.168.1.20 10.43.8.20
ip nat outside source list 1 pool NET add-route
!
access-list 1 permit 10.99.13.0 0.0.0.255
natproblem3.JPG
ASKER
I have sorted it.
This is my config:
On Fa 0/1, I made a secondary interface with the range I wanted to NAT to, with an ip nat outside statement on it.
!
interface FastEthernet0/1
description LINK-TO-COND-ACC-NETWORK
ip address 10.43.8.245 255.255.255.0 secondary
ip address 192.168.1.245 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
I then added the static NAT statement:
ip nat outside source static 192.168.1.20 10.43.8.20
Et voila, it all works perfectly. Raj, you can have some points for helping me out.