Configuring NAT

Configuring NAT

in the LAB configuration below:
I have R1 and R2 in subnet 192.168.12.0/24 ----R3 in subnet 10.10.13.0/16  and R4 in subnet 10.10.24.0/16

I would like to have R3 be able to ping R4

The NAT configuration does not seem to work as it is supposed to.
Any Help ?

Thank you

n




R1#sh run 
Building configuration...

Current configuration : 2199 bytes
!
! Last configuration change at 02:39:42 CET Sun Sep 2 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
crypto isakmp policy 5
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco@123 address 192.168.12.2   
!
!
crypto ipsec transform-set MY-SET esp-aes esp-md5-hmac 
 mode tunnel
!
!
!
crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp 
 ! Incomplete
 set transform-set MY-SET 
 match address VPN-TRAFFIC
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 crypto map IPSEC-SITE-TO-SITE-VPN
!
interface Ethernet0/1
 ip address 10.10.13.1 255.255.0.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!         
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!         
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Ethernet0/0 overload
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.13.0 0.0.0.255 10.10.24.0 0.0.0.255
!
!
!
!         
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

R1#

Open in new window



R2#show running-config 
Building configuration...

Current configuration : 2267 bytes
!
! Last configuration change at 02:36:49 CET Sun Sep 2 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
crypto isakmp policy 5
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco@123 address 192.168.12.1   
!
!
crypto ipsec transform-set MY-SET esp-aes esp-md5-hmac 
 mode tunnel
!
!
!
crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp 
 ! Incomplete
 set transform-set MY-SET 
 match address VPN-TRAFFIC
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.12.2 255.255.255.0
 crypto map IPSEC-SITE-TO-SITE-VPN
!
interface Ethernet0/1
 ip address 10.10.24.2 255.255.0.0
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!         
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!         
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Ethernet0/0 overload
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.24.0 0.0.0.255 10.10.13.0 0.0.0.255
!
!
!
access-list 101 deny   ip 10.10.24.0 0.0.0.255 10.10.13.0 0.0.0.255
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!
end

R2# 

Open in new window




R3#sh run
Building configuration...

Current configuration : 1685 bytes
!
! Last configuration change at 02:42:03 CET Sun Sep 2 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 10.10.13.3 255.255.0.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!         
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!         
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!         
end

R3# 

Open in new window




R4#sh running-config 
Building configuration...

Current configuration : 1685 bytes
!
! Last configuration change at 02:38:07 CET Sun Sep 2 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 10.10.24.4 255.255.0.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!         
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!         
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input none
!
!         
end

R4# 

Open in new window

jskfanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JustInCaseCommented:
The NAT configuration does not seem to work as it is supposed to.
Actually, many things are not implemented correctly  including NAT (ip nat inside/outside is missing on physical interfaces). Even if we ignore/correct NAT misconfiguration(s), Issue is that you can't break basic network principles by configuring NAT on routers.

There are many configuration errors for scenario where 2 end hosts belong to the same IP address range and want to communicate with each other (and having L3 network(s) between those 2 devices). There are few possible solutions (including solution that include NAT).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
JustInCase,
Can you ,for now, just paste the correct NAT configuration, that will enable to ping from R3 (10.10.13.3) to R4(10.10.24.4) ?
I will post later a separate question for Site to Site VPN (ISAKMP,IPSEC,etc...)

Thank you
0
mikecrCommented:
First thing is you need to fix your routing. There is no routing on your routers to tell how to get back and forth to each other. You at least need a default route on each router to point where you want your traffic to go.
2
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

JustInCaseCommented:
@mikecr
Actually, in topology (as it is drawn) with NAT parts correctly configured, default route (or more specific route) may only need to be configured on R3 and R4 (at least in simplest possible NAT solution). :)

@Author
Pasting functional code is not my favorite part. If you are simply trying to ping 10.10.24.4 from R3 it can't work even if routes and NAT are configured properly (to be able to ping 10.10.24.4 from R3 you would need something like L2TPv3 configured on devices, but there is a working solution that is including NAT, but, in that case, you would not issue ping 10.10.24.4 to be able to ping 10.10.24.4 device).
0
jskfanAuthor Commented:

First thing is you need to fix your routing. There is no routing on your routers to tell how to get back and forth to each other. You at least need a default route on each router to point where you want your traffic to go.


Correct .. I fixed that now..I will try to proceed with  Site to Site VPN and see...
0
jskfanAuthor Commented:
Thank you
0
JustInCaseCommented:
Points are assigned to member that did not suggest route fixing, but routing in this case is not even solving basic problem that is present in topology how to ping IP address that has overlapping network range, but it is not a part of the local subnet.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.