05-22-2007 10:23 PM - edited 03-05-2019 04:13 PM
Hi all,
Here I am initiating a connection from server 10.134.14.1 to server 192.168.7.11
server( 10.134.14.1)---t2----l2switch----t1----server(192.168.7.11)
t2 router (seen on the router)
Inside Local    Inside Global   Outside Local   Outside Global
10.4.18.13      192.168.7.11    10.134.14.1     10.134.14.1
and at t1 router
Inside Local    Inside Global   Outside Local   Outside Global
192.168.8.10    10.134.14.1     192.168.7.11    192.168.7.11
t1 :config
ip nat pool Server 192.168.8.10 192.168.8.11 netmask 255.255.252.0
ip access-list extended NATacl
permit ip any host 192.168.7.11
deny ip any any
route-map Nmap permit 10
match ip address NATacl
t2:config
ip nat inside source static 192.168.7.11 10.134.18.13
Can any one plz explain how this is working
As per config my s-10.134.14.1 d-192.168.7.11
translated s:10.4.18.13 but here it is showing the opposite in ip nat translation
Could any one please clarify
Thanks in advance
Raj
05-22-2007 11:13 PM
Hi,
I would like to help you, but what is your nat inside interface and what is your nat outside interface?
Traditional NAT is based on source.
Do you want source-based or destination-based NAT ?
I guess that you want source-based nat,
then your config on t1 would be just like this:
ip nat inside source static 192.168.7.11 10.134.18.13
int e0
ip add 192.168.7.X
ip nat inside
int e1
ip add 10.134.18.X
ip nat outside
BR,
Bjornarsb
05-22-2007 11:32 PM
Hi,
Thanks for ur reply
but my config is opposite to what u mention :
at t1:
interface Giga
description INTERNAL
ip address 10.134.16.x 255.255.255.252
ip nat inside
interface GigabitEthernet0/1.11
description EXTERNAL
ip address 192.168.7.1 255.255.255.0
ip nat outside
and at t2:
interface GigabitEthernet
description switchside
ip address 10.134.16.y 255.255.255.252
ip nat inside
interface GigabitEthernet0/1.1
description internal
ip address 10.134.14.6 255.255.255.x
At t2 I have a destination nat pool 10.134.16.x
and at t1 i have source nat pool as 192.168.8.0
Could u please point out the translation that is happening
Raj
05-22-2007 11:53 PM
Hi,
I'm sorry but I'm confused about how you have set up ip nat inside and ip nat outside. :)
As far as I can see you should change your configuration at both t1 and t2.
I would strongly recommend that the 10.134.16.x 255.255.255.252 network is configured as ip nat outside.
Then it would be a better approach and the config like my first post just changing e 1 interface ip and provide for routing of 10.134.18.13.
HTH
Regards,
Bjornarsb
05-23-2007 12:07 AM
Hi,
That's just the problem
the design was made by someone else and I am trying to figure out how things are working
according to me also it should be opposite
but it's working perfectly in this scenario.
so I am trying to figure out how
Raj
05-23-2007 12:30 AM
Hi,
Ok I surrender :)
you have :
t2:config
ip nat inside source static 192.168.7.11 10.134.18.13
neither of these IPs is configured on the router ???
I guess you need to post the complete config of your routers :)
BR,
Bjornarsb
05-23-2007 12:38 AM
Hi,
U are correct .
These ips are not in the t2 router.
There's a little problem in attaching the configs.
But it is as I say it .
If u see the first post I put in the translations.
Now according to me the global inside should be 10.134.18.13 instead of the ip that is initiating traffic
I am really confused here .
Please see if u can see any light in the translations
Raj
05-23-2007 01:00 AM
Hi,
OK, now I think that I've understood it :)
The config that confuses us is this:
ip nat inside source static 192.168.7.11 10.134.18.13
This statement is not active at all.
So when you telnet you match the:
permit ip any host 192.168.7.11 and
get translated to 192.168.8.10
then the active translation is :
192.168.8.10 10.134.14.1 192.168.7.11 192.168.7.11
Because 192.168.7.11 belongs to an
ip nat outside enabled interface on t1.
By the way can you post the NAT statement on t1 ?
I guess it's : ip nat inside source route-map Nmap pool Server
HTH
Please do rate all helpful posts.
BR,
Bjornarsb
05-23-2007 01:25 AM
Hi,
Please refer to my first post .
It gives the sh ip nat command as t1(router ) with inside local and global address .
So when u say that the static translation is not active then how can we match the translation at t1.
I have given the sh ip nat translation for both t1 and t2 in the first post .
If u ignore that static translation all is good
But I have been told that destination nat is happening here
Thanks
Raj
05-23-2007 01:32 AM
Hi,
The static nat statement on t2 is not active.
You cannot translate from inside to outside
when the IPs are not either from source int or destination int. It shows up in your output because it's a static statement.
I claim that if you remove ip nat inside source static 192.168.7.11 10.134.18.13
on t2 it still will work :)
So the nat statement on t1 is active and it works as I posted in my previous post.
:)
Regards,
Bjornarsb
05-23-2007 01:51 AM
Hi,
I cannot agree with u there .
What I see in sh ip nat translation is :
Inside Local    Inside Global   Outside Local   Outside Global
10.4.18.13      192.168.7.11    10.134.14.1     10.134.14.1
In case it was not active I would have something like
Inside Local    Inside Global   Outside Local   Outside Global
10.4.18.13      192.168.7.11    ---             ----            as per the static statement
Don't u think so ?
Raj
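An added example, not part of any post in this thread: a small parser that reads the translation rows quoted above, in the column order the posts use, and reports for each entry which side is rewritten and whether it is a simple entry (outside columns empty, the static-only row Raj describes) or an extended one. The function names are hypothetical; the rows are copied from the posts.

```python
import ipaddress

# Column meanings in Cisco IOS NAT terminology:
#   inside local   - inside host's address as seen on the inside network
#   inside global  - the same inside host as seen from the outside network
#   outside local  - outside host's address as seen from the inside network
#   outside global - outside host's address as assigned on the outside network
COLUMNS = ("inside local", "inside global", "outside local", "outside global")

def parse_table(text):
    """Parse a header line followed by entry rows, in the header's column order."""
    rows = [line.split() for line in text.strip().splitlines() if line.strip()]
    words = [w.lower() for w in rows[0]]
    names = [" ".join(words[i:i + 2]) for i in range(0, len(words), 2)]
    if sorted(names) != sorted(COLUMNS):
        raise ValueError(f"unexpected header: {rows[0]}")
    entries = []
    for row in rows[1:]:
        if len(row) != len(names):
            raise ValueError(f"expected {len(names)} fields, got {row}")
        # A run of dashes means the column is empty for this entry.
        entries.append({n: None if set(f) == {"-"} else ipaddress.ip_address(f)
                        for n, f in zip(names, row)})
    return entries

def classify(entry):
    """Report which side an entry rewrites and whether it has outside addresses."""
    has_outside = None not in (entry["outside local"], entry["outside global"])
    return {
        "kind": "extended" if has_outside else "simple",
        "inside_translated": entry["inside local"] != entry["inside global"],
        "outside_translated": has_outside
        and entry["outside local"] != entry["outside global"],
    }

# Rows copied from the posts above: t2, the static-only row Raj expected, and t1.
T2 = """Inside Local Inside Global Outside Local Outside Global
10.4.18.13 192.168.7.11 10.134.14.1 10.134.14.1
10.4.18.13 192.168.7.11 --- ----"""
T1 = """Inside Local Inside Global Outside Local Outside Global
192.168.8.10 10.134.14.1 192.168.7.11 192.168.7.11"""

if __name__ == "__main__":
    for router, table in (("t2", T2), ("t1", T1)):
        for e in parse_table(table):
            print(router, {k: str(v) for k, v in e.items()}, classify(e))
```

On both routers the observed rows rewrite only the inside columns; the outside local and outside global addresses are identical.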
05-23-2007 02:54 AM
Hi,
I see, then You do NAT in both directions.
I cannot see why you have to do that ?
To be able to see that I need to see your complete configuration. It could be something about how you have set up routing.
By the way, why do you really use nat at all.
You are using private addresses and I cannot see that you have overlapping networks :)
So this is how it works:
Source to Destination traffic flow:
You telnet from 10.134.14.1
which is your outside. This traffic matches your route-map since you telnet to 192.168.7.11
and your source 10.134.14.1 is translated to 192.168.8.10
Destination to source traffic flow:
Return traffic from 192.168.7.11 which is outside gets translated into 10.4.18.13.
So on t2 it "looks" like traffic is coming from 10.4.18.13.
So on t1 it "looks" like traffic is coming from 192.168.8.10
OK ?
Regards,
Bjornarsb
05-23-2007 08:18 PM
Hi,
"You telnet from 10.134.14.1
which is your outside" This is not outside but inside network behind the router t2.
the gateway of the server 10.134.14.1 is t2 inside interface .
My source is 10.134.14.1 and it is initiating the traffic. In router t2 10.134.14.1 is shown as destination but not as source. So it is apparently not matching the static source translation.
Instead of the global address 192.168.7.11 going to t1 the 10.134.14.1 address appears.
So what is the use of the nat I cannot figure out.
Still confused as ever.
Thanks
Raj
05-23-2007 11:02 PM
Hi,
This is why your setup is confusing :)
You telnet from 10.134.14.1 and according to nat it's your outside :) But you think of it as inside of course :) And indeed it's your source initiating traffic. That was why I suggested that 10.134.16.y 255.255.255.252 link should be your outside :)
It works because t1 and t2 have nat translation tables keeping track of inside and outside ( in terms of the NAT :) )
HTH
Please check the scroll-bar at the bottom right on every post :)
BR,
Bjornarsb