How to NAT in Cisco 2851

Unanswered Question


We have a 3 node ELAN (100 MBPS) with 2851 connecting 1 Main and 2 satellite offices(SO). The Main office is connected to a Private Network via Nortel devices and routed accordingly. But we need to be able to connect to devices in the Nortel PN from the 2 satellites offices. The Network Security liason at the PN does not allow routing to happen to this 2 satellites office because of segments are RFC1918. They have recommended to have traffic from this SO be NAT'ED into ip's from segment from Main office. Problem is I dont know how to do this? Can this be accomplished with this setup? Do I need another device to perform the NATing?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 03/30/2010 - 12:38


Your diagram is not very clear. Is the 2851 meant to be represented by the 3 blue circles ?

Can you post an example of what you would like ie.

private address in satellite office =

address from your main site that you want to NAT the private address to =

You should be able to do this with your router, just need some clarification.


Jon Marshall Tue, 03/30/2010 - 13:14


Okay, lets assume the following -

private ip =

ip from main site to use for NAT  =  <-- note that this IP address must not be used for anything else -

on your 2811 router -

on the interface connecting to the network eg. fa0/0

int fa0/0

ip nat inside

on the interface connecting to the network eg fa0/1

int fa0/1

ip nat outside


ip nat inside source static

then the connection would be made to from the Nortel side.


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Jon Marshall Tue, 03/30/2010 - 16:22


Actually if all the blue circles are the 2811 then i made a slight mistake in the previous post.

You need to apply the "ip nat outside" command under the interface connecing to the serial connection ie. bottom right of your diagram eg.

int s0/0

ip nat outside

all the rest of the config is still correct. Apologies for that.


SO far I have done this

On R1

in GE 0/1

ip nat inside

On R3

in GE 0/1

ip nat outside

ip nat inside source static

Pro Inside global      Inside local       Outside local      Outside global
---     ---                ---

Results ... from the Nortel side ping and tracert completes to, but cannot RDC to the server from the Nortel side


This Discussion