Trying to NAT in a Mobile Node through a mobile tunnel

Unanswered Question
Mar 16th, 2008

Customer has a requirement to send data to a serial port on a 3200 Mobile Access Router using SLIP on the serial interface. Since the mobile network is the only one visible from the HA, I'm trying to NAT from the mobile network to another subnet hanging off the serial port. I seem to be having problems with routing because I can't get the NAT to work even though the default route in the MAR is the Tunnel0 interface. Is there something different that needs to be done to work with the mobile ip tunnel?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
d.bisset Tue, 03/25/2008 - 10:22

Thanks for the link but the Troubleshooting guide does not cover what I'm trying to do. I have the tunnel setup and working with no problem. I'm trying to NAT an address from the serial port to an address in the mobile network in the MAR so a server at the other end of the mobile tunnel can get to the device connected to the serial interface on the MAR. NAT appears to not work because of the lack of a route. The route it needs to use is through Tunnel0 which is also the default route. If I add a static route that points to a VLAN interface in the MAR, the translation occurs but of course the real interface doesn't go anywhere. I need it to use the Tunnel0 interface so I need to know what it would take for NAT to recognize Tunnel0 as a valid interface.

Paolo Bevilacqua Tue, 03/25/2008 - 12:30

Do you have "ip nat inside" under tunnel0 ?

Please explain the topology again as I might be missing something of that, what is the reason for nat in first place.

d.bisset Tue, 03/25/2008 - 13:15

Topology is a Mobile Access Router (MAR) on a vehicle with a mobile tunnel (Tunnel0) which goes back to the data center via the Home Agent (HA). A server in the data center needs to send ip packets to a device that is connected to the Serial interface on the MAR. Since the Serial interface is a routed interface and the only network the HA knows how to get to is the subnet of the mobile router, the server needs to send to an IP address within the MARs mobile subnet. So to get to another subnet connected to the MAR, I need to translate a MAR subnet address to another subnets address that is connected to the serial port.

Serial port is 'ip nat outside'

Vlan 10 (which is the MAR subnet) is 'ip nat inside'.

The default route when the mobile tunnel is built is 'Tunnel0'. Tunnel0 is dynamic and is not statically defined. See below:

interface Serial1/0

ip address 10.210.0.254 255.255.0.0

ip nat outside

!

.

!

interface Vlan10

ip address 10.240.0.1 255.255.255.192

ip nat inside

ip virtual-reassembly

!

.

ip nat outside source static 10.210.100.15 10.240.0.12

.

.

0002-MAR#sho ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

172.27.0.0/16 is variably subnetted, 3 subnets, 3 masks

M 172.27.255.253/32 [3/1] via 10.240.0.250, 00:42:26, FastEthernet0/0

C 172.27.0.0/18 is directly connected, Vlan23

C 172.27.64.0/19 is directly connected, Vlan22

10.0.0.0/8 is variably subnetted, 5 subnets, 4 masks

M 10.240.0.250/32 [3/1] via 10.240.0.250, 00:42:26, FastEthernet0/0

C 10.240.0.248/30 is directly connected, FastEthernet0/0

C 10.210.0.0/16 is directly connected, Serial1/0

C 10.255.255.254/32 is directly connected, Loopback0

C 10.240.0.0/26 is directly connected, Vlan10

M* 0.0.0.0/0 is directly connected, Tunnel0

0002-MAR#sho ip nat trans

Pro Inside global Inside local Outside local Outside global

--- --- --- 10.240.0.12 10.210.100.15

0002-MAR#

Hope that helps. Thanks for your patience

Paolo Bevilacqua Tue, 03/25/2008 - 15:11

Hi, you don't really to do nat just to route one address for the device.

Just borrow an unused address from the subnet assigned to the MAR, assign it to the device, on the router configure a so-called host route:

ip route 10.240.0.2 255.255.255.255 serial 1/0

Good luck!

d.bisset Wed, 03/26/2008 - 12:38

I was not able to get it to work. Does the serial interface need an address? What would I put on the device for a default gateway? I don't see how it would work if the serial interface is a routed interface.

Paolo Bevilacqua Wed, 03/26/2008 - 13:13

Serial interface can either have a subnet of his own or unnumbered to any other interface in MAR, whateve is preferred by device.

Device must have default gateway going into serial one way or another. Once you can ping from any interface in MAR, to the device by virtue of said host-route, you should be set.

Actions

This Discussion