
NAT through point-to-point

snickered
Level 1

First off, Fe0/1 is "ip nat outside", Fe0/0 is "ip nat inside" and Se0/1 isn't a nat interface on R1. On R2, I have Se0/1 which isn't a nat interface, Fe0/0 which is "ip nat inside" and Fe0/1 which is "ip nat outside".

My ISP has given me some IP addresses that are pointed at 11.11.11.11 and I normally just go through the motions of nat'ing them to Fe0/0. I have a situation where I need one of the IP addresses that my ISP has pointed to 11.11.11.11 to go to the 192.168.2.0/24 network. I have to put a webserver there. I can't figure this out. Any ideas?


Jon Marshall
Hall of Fame

Steven

I'm a little bit confused. Let's say the IP address supplied by the ISP is 195.177.10.10

ip nat inside source static 192.168.2.7 195.177.10.10

where 192.168.2.7 is the web server.

On the s0/1 interface on R1

int s0/1

ip nat inside

Jon

I don't want to NAT on that interface, do I? What effect will that have on the routing between the two sites? I don't want NAT between the LANs of both sites. Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?

"Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?"

Yes, that makes sense, and it won't NAT, or to put it another way, it will only NAT what you tell it to NAT. Putting "ip nat inside" under the s0/1 interface does not mean all traffic coming in on that interface will be natted.

What will get natted is 192.168.2.7 but even that would only get natted if it goes out through the fa0/1 interface because that has an "ip nat outside" statement under the interface.

Jon

Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?

I don't understand the purpose of the "ip nat outside/inside" statements applied to interfaces. I was always just told I needed them to translate a "public" IP to a "private" IP. Can you point me to something that will clarify what happens when those are applied to interfaces? Thanks Jon.

"Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?"

No because you don't need to NAT the packet twice. If you do the NAT on R1 then you can just leave the packet alone on R2 and just route it.

"I was always just told I needed them to translate a "public" IP to a "private" IP."

They do, but it is important to realise that just putting these statements under interfaces does not mean traffic will be natted. You then need to add further config to your router, e.g.

On router R1

dynamic nat

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/1 overload

This would NAT all 192.168.1.0/24 source addresses to 11.11.11.11 if the traffic was going out of the fa0/1 interface. It would dynamically NAT it because all 192.168.1.x addresses are hidden behind the 11.11.11.11 address.

or you can use static NAT - see my previous post for an example.

Also have a look at this doc on NAT and if you have further questions then come back.

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Jon
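The R1 configuration this thread arrives at, written out as an added example that is not part of any poster's reply, with the one-to-one static NAT shown beside a port-restricted form that publishes only the web service. Assumptions: 195.177.10.10 is the sample public address from the reply above, the port numbers are illustrative, R1 already has a route to 192.168.2.0/24 over Se0/1, and R2 sends the web server's replies back over Se0/1 rather than out its own Fe0/1.

```cisco
! R1 (constructed example; addresses taken from the thread)
interface FastEthernet0/1
 ip nat outside
!
interface FastEthernet0/0
 ip nat inside
!
interface Serial0/1
 ! Marks traffic arriving from R2 as eligible for translation.
 ! Only flows that match a NAT rule below AND leave via an
 ! "ip nat outside" interface are translated, so 192.168.2.15 talking
 ! to 192.168.1.0/24 (inside to inside) keeps its source address.
 ip nat inside
!
! Option A: one-to-one static NAT (inside local, then inside global).
! Every port on 192.168.2.7 becomes reachable at 195.177.10.10 unless
! an inbound ACL on Fe0/1 filters it.
! ip nat inside source static 192.168.2.7 195.177.10.10
!
! Option B: publish only the web service.
ip nat inside source static tcp 192.168.2.7 80 195.177.10.10 80
! Assumption: add 443 only if the server also serves HTTPS.
ip nat inside source static tcp 192.168.2.7 443 195.177.10.10 443
!
! Dynamic PAT for the R1 LAN, as in the reply above.
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface FastEthernet0/1 overload
!
! Check which flows are actually being translated:
!   show ip nat translations
!   show ip nat statistics
```

No NAT statement is needed on R2's Se0/1 for this: R2 only routes the already-translated flow.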
