NAT on Cisco 891

Posted on 2014-08-05
Last Modified: 2014-08-15
I have a Cisco 891w currently connected to the internet with no problems. I have it handing out IP addresses on My issue here is I am now connecting this network physically to another network in the same building that is using a public IP space. Computers are given a 159.x.x.x scope. I want to NAT that 159.x.x.x network and put those devices on the network since I do not have access to that router which controls that subnet and the access behind it. These computers will still need to access devices that are on the 159.x.x.x router. What is the proper way to NAT this scenario? I would assume I would create either a VLAN or set up a switchport on Router B as 159.x.x.2 and do an ip nat inside/outside??

NOTE: I do NOT have access to Router A.

Server 1   <------>  Router A   <--------------------->  Router B
     |___156.x.x.1        |___159.x.x.1                            |____192.168.13.1
Question by:lconnell

    Expert Comment

    I'm not sure why you need NAT for this setup.

    The devices on Router A should also already have internet access since they have public addresses. Public addresses do not need NAT. NAT is used to translate a private IP to a public IP when traversing the internet, since private IPs are not routable on the internet. The advantage of this is to share 1 or more public IP addresses with multiple computers in cases where there are more devices than there are public IPs.

    If your concern is connectivity, all you need is to set up routes on both routers. Without access to router A, there's really nothing you can do.

    Since the network is connected physically, you will have an additional point-to-point link between the routers:
    Router A
    ip address
    ip route

    Router B
    ip route 159.x.x.0

    You will need the actual subnet mask on router A. I took a guess on the subnet mask for that network.

    Author Comment

    Hi, yes, I am aware of just routing the traffic. I do not have access to Router A. A way around this is to NAT the traffic. If I put all computers on the 192.168.13.x network on Router B then I should be able to set up 159.x.x.2 on Router B and route all 156.x.x.x traffic through 159.x.x.1. I would NAT between 192.168.13.x and 159.x.x.x so that all traffic looks like it's coming from a 159.x.x.x address which would then go through Router A and I would not need access.

    Does that make sense?

    Assisted Solution

    Yes, it makes sense but it won't work.

    The 192.168.13.x computers will be able to get to the 159.x.x.x computers and will get replies using PAT. However, the 159.x.x.x computers would not be able to initiate traffic to the 192.168.13.x computers. This is assuming that the ISP will acknowledge the IP you configured on Router B.

    The routes from the ISP will be directed to the node that Router A connects to and not your nodes, unless you are connected to the same node.

    There's a lot more than I've identified here as I don't know what your actual topology is.

    Author Comment

    That may be ok. Traffic won't be initiated from 159.x to 192.x network. That would be using PAT, what about NAT? Can I just create a NAT pool?

    Expert Comment

    I thought you only have 1 IP for the 192x, in which case a NAT pool will be unnecessary as there's only 1 IP.

    Do you have a topology sketch you can post?
    I will need that to determine your concept accurately.

    Author Comment

    I figured it out by just overloading a L3 interface and using a route-map to NAT the traffic.

    I control the 192 subnet, so I have as much as I need. I don't have control of the 159 network. I don't need the 159 network to initiate traffic to 192.

    The only other way to have 159 talk directly to the 192 side would be a static 1-1 NAT, correct?

    Accepted Solution

    Yes, you will need a NAT address for each 192.x address in order for 159.x to be able to initiate traffic.
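
The approach the author reports settling on (overload on a layer-3 interface selected by a route-map), beside the static 1:1 mapping from the accepted answer, as an added example that is not the author's actual configuration. Assumptions: 198.51.100.0/24 stands in for the 159.x.x.x subnet and 203.0.113.0/24 for 156.x.x.x, and the interface names, masks, ACL and route-map names are hypothetical.

```cisco
! Constructed example for Router B. Addresses are documentation ranges
! standing in for the masked ones on the page:
!   198.51.100.0/24 = 159.x.x.x subnet (Router A at .1, Router B at .2)
!   203.0.113.0/24  = 156.x.x.x network behind Router A
! Interface names and /24 masks are assumptions. The existing internet
! uplink and its own NAT statement are not shown.
!
interface Vlan1
 description Inside LAN
 ip address 192.168.13.1 255.255.255.0
 ip nat inside
!
interface FastEthernet8
 description Link into Router A's subnet
 ip address 198.51.100.2 255.255.255.0
 ip nat outside
!
! Reach the network behind Router A through Router A's address.
ip route 203.0.113.0 255.255.255.0 198.51.100.1
!
! Select only LAN traffic headed for the two remote networks.
ip access-list extended NAT-TO-ROUTER-A
 permit ip 192.168.13.0 0.0.0.255 198.51.100.0 0.0.0.255
 permit ip 192.168.13.0 0.0.0.255 203.0.113.0 0.0.0.255
!
! match interface keeps this rule from applying to traffic that leaves
! through the internet uplink, which is a second "outside" interface.
route-map RM-NAT-ROUTER-A permit 10
 match ip address NAT-TO-ROUTER-A
 match interface FastEthernet8
!
! PAT (overload): every LAN host is hidden behind 198.51.100.2.
! Translation entries exist only for flows a LAN host started, so a host
! on Router A's side has nothing to match when it tries to open a session.
ip nat inside source route-map RM-NAT-ROUTER-A interface FastEthernet8 overload
!
! Static 1:1: one permanent entry per LAN host that must accept sessions
! opened from Router A's side. 198.51.100.10 must be an address that is
! unused on that subnet and assigned to you by whoever controls it.
ip nat inside source static 192.168.13.10 198.51.100.10
!
! Check the result with: show ip nat translations
```

With only the overload line in place, `show ip nat translations` lists entries created by 192.168.13.x hosts and nothing else. The static line makes 192.168.13.10 reachable unsolicited at its mapped address, so that host needs the same filtering as any directly exposed machine.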
