NAT in same subnet using 1811 router

Unanswered Question
Sep 1st, 2009

Hi

Does Cisco has something that help translate 10.32.10.10 to 10.32.10.20 ?I have a requirement here where the destination for 1811 router is 10.32.10.10 (This is the host on the otherside of vpn tunnel).I want to translate this 10.32.10.10 to 10.32.10.20 so that I can hardcode this ip in a home grown application.Somebody told me that NVI will help do this but I do not see this happening

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Peter Paluch Tue, 09/01/2009 - 09:03

Hello,

Regarding the NVI, you can do it as follows:

interface XYZ

ip nat enable

no ip redirect

ip nat source static 10.32.10.10 10.32.10.20

I assume that the 10.32.10.10 is on the 'internal' side while the 10.32.10.20 is on the 'external' side. Pay attention that the "ip nat" command does not have the word "inside" in it - that's normal and it's the way it should be.

Best regards,

Peter

CCDECCDE9 Tue, 09/01/2009 - 09:21

10.32.10.10 is the interesting traffic and is the destination for my router.

Peter Paluch Tue, 09/01/2009 - 09:33

Hi,

I'm somewhat confused - you have introduced yet another addresses here. Please try to explain this on an example of a packet flow that undergoes the NAT procedure you want to implement.

Best regards,

Peter

CCDECCDE9 Tue, 09/01/2009 - 10:21

I have LAN to LAN tunnel on 1811

inside =172.17.10.10

outside=209.167.x.x

source=172.17.10.5

Destination=10.32.10.10 --this is on the other side of the tunnel.I want to NAT this ip to 10.32.10.20 and this should be reachable from my source 172.17.10.5

Peter Paluch Tue, 09/01/2009 - 10:34

Hello,

I still do not completely understand the addressing issues. I assume that you have an IPsec tunnel and it is configured using crypto maps, no Tunnel interfaces are used. Is that correct? Moreover, your LAN uses the space 172.17.10.0/24 while the remote LAN uses 10.32.10.0/24, is that correct?

But another thing has come to my mind: If you just want some IP to be reachable under a different IP, why don't you define a secondary IP address?

interface XYZ

ip address 10.32.10.10 255.255.255.0

ip address 10.32.10.20 255.255.255.0 secondary

Best regards,

Peter

Actions

This Discussion