Internet sharing

satyamothukuri · ‎09-14-2008

Hi,

I am having a branch office connected to my head office through leased line and internet connected through Ethernet at my head office. I want to share my internet to my branch office. Please help me in conferring this. Please give configuration example.

Regards,

Satya.

Giuseppe Larosa · ‎09-14-2008

Hello Satya,

here what is needed is to modify the NAT configuration on the head office router so that also ip addresses of the branch are translated and allowed to go to internet.

Example:

let's suppose that:

s0/0 connects to ISP

s0/1 connects to branch office

fas0/0 is the link to head office lan

10.10.100.0/24 is the head office lan ip subnet

10.10.120.0/24 is the branch office lan

current config that allows to use internet at the head office should look like

int ser0/0

ip nat outside

int fas0/0

ip nat inside

access-list 101 deny ip 10.10.100.0 0.0.0.255 10.10.120.0 0.0.0.255

access-list 101 permit ip 10.10.100.0 0.0.0.255 any

route-map selective_NAT permit 10

match ip address 101

ip nat inside source route-map selective_NAT interface se0/0 overload

Now the configuration has to be changed to add support for NAT of the branch office's lan users.

changes to be added :

int ser0/1

ip nat inside

access-list 102 deny ip 10.10.120.0 0.0.0.255 10.10.100.0 0.0.0.255

access-list 102 permit ip 10.10.120.0 0.0.0.255 any

route-map selective_NAT permit 20

match ip address 102

NAT has to be avoided when going from branch lan to head office lan.

Actually the config could be simpler because translation shouldn't be made when going from a nat inside to another nat inside interface.

Hope to help

Giuseppe