NAT through point-to-point

Unanswered Question
Oct 24th, 2008

First off: Fe0/1 is "ip nat outside", Fe0/0 is "ip nat inside" and Se0/1 isn't a NAT interface on R1. On R2, I have Se0/1 which isn't a NAT interface, Fe0/0 which is "ip nat inside" and Fe0/1 which is "ip nat outside".


My ISP has given me some IP addresses that are pointed at 11.11.11.11 and I normally just go through the motions of nat'ing them to Fe0/0. I have a situation where I need one of the IP addresses that my ISP has pointed to 11.11.11.11 to go to the 192.168.2.0/24 network. I have to put a webserver there. I can't figure this out. Any ideas?



Jon Marshall Fri, 10/24/2008 - 12:28

Steven


I'm a little bit confused. Let's say the IP address supplied by the ISP is 195.177.10.10

ip nat inside source static 192.168.2.7 195.177.10.10


where 192.168.2.7 is the web server.


On the s0/1 interface on R1


int s0/1

ip nat inside


Jon

snickered Fri, 10/24/2008 - 13:10

I don't want to NAT on that interface, do I? What effect will that have on the routing between the two sites? I don't want NAT between the LANs of both sites. Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?

Jon Marshall Fri, 10/24/2008 - 13:24

"Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?"


Yes, makes sense, and it won't NAT, or to put it another way, it will only NAT what you tell it to NAT. Putting "ip nat inside" under the s0/1 interface does not mean all traffic coming in on that interface will be natted.


What will get natted is 192.168.2.7 but even that would only get natted if it goes out through the fa0/1 interface because that has an "ip nat outside" statement under the interface.


Jon


snickered Fri, 10/24/2008 - 13:45

Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?


I don't understand the purpose of the "ip nat outside/inside" statements applied to interfaces. I was always just told I needed them to translate a "public" IP to a "private" IP. Can you point me to something that will clarify what happens when those are applied to interfaces? Thanks Jon.

Jon Marshall Fri, 10/24/2008 - 13:54

"Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?"


No because you don't need to NAT the packet twice. If you do the NAT on R1 then you can just leave the packet alone on R2 and just route it.


"I was always just told I needed them to translate a "public" IP to a "private" IP."


They do, but it is important to realise that just putting these statements under interfaces does not mean traffic will be natted. You then need to either add further config to your router, e.g.


On router R1


dynamic nat


access-list 101 permit ip 192.168.1.0 0.0.0.255 any


ip nat inside source list 101 interface fa0/1 overload


This would NAT all 192.168.1.0/24 source addresses to 11.11.11.11 if the traffic was going out of the fa0/1 interface. It would dynamically NAT it because all 192.168.1.x addresses are hidden behind the 11.11.11.11 address.


or you can use static NAT - see my previous post for an example.


Also have a look at this doc on NAT and if you have further questions then come back.


http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html


Jon
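
The translation decision discussed in this thread, modelled as an added example (not code from any poster): a packet on R1 is translated only when it crosses from an "ip nat inside" interface to an "ip nat outside" one and a static entry or the ACL 101 rule matches it. The route table and the 203.0.113.9 Internet host are constructed for the model, and 11.11.11.11 is assumed to be the fa0/1 address as the reply above states.

```python
import ipaddress

# R1 as described in the thread; a simplified model of IOS NAT behaviour.
NAT_ROLE = {"fa0/0": "inside", "s0/1": "inside", "fa0/1": "outside"}
STATIC = {"192.168.2.7": "195.177.10.10"}            # inside local -> inside global
ACL_101 = [ipaddress.ip_network("192.168.1.0/24")]   # sources matched for overload
OVERLOAD_ADDR = "11.11.11.11"                        # assumed address of fa0/1
ROUTES = [  # (prefix, egress interface); constructed for this model
    (ipaddress.ip_network("192.168.1.0/24"), "fa0/0"),
    (ipaddress.ip_network("192.168.2.0/24"), "s0/1"),
    (ipaddress.ip_network("0.0.0.0/0"), "fa0/1"),
]

def egress_for(dst):
    """Longest-prefix match over the constructed route table."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(in_if, src, dst):
    """Return (egress interface, src, dst) after R1 has handled the packet."""
    if NAT_ROLE.get(in_if) == "outside":
        # outside -> inside: the global address is untranslated before routing
        for local, glob in STATIC.items():
            if dst == glob:
                dst = local
        return egress_for(dst), src, dst
    out_if = egress_for(dst)
    # inside -> outside: routing first, then translation if a rule matches
    if NAT_ROLE.get(in_if) == "inside" and NAT_ROLE.get(out_if) == "outside":
        if src in STATIC:
            src = STATIC[src]
        elif any(ipaddress.ip_address(src) in n for n in ACL_101):
            src = OVERLOAD_ADDR  # port rewriting done by overload is not modelled
    return out_if, src, dst

if __name__ == "__main__":
    for pkt in [("s0/1", "192.168.2.15", "192.168.1.20"),   # site-to-site LAN traffic
                ("s0/1", "192.168.2.7", "203.0.113.9"),     # web server to Internet
                ("fa0/1", "203.0.113.9", "195.177.10.10"),  # Internet to web server
                ("fa0/0", "192.168.1.5", "203.0.113.9")]:   # R1 LAN host to Internet
        print(pkt, "->", forward(*pkt))
```
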



