How to NAT in Cisco 2851

Unanswered Question

ELAN.gif

We have a 3 node ELAN (100 MBPS) with 2851 connecting 1 Main and 2 satellite offices(SO). The Main office is connected to a Private Network via Nortel devices and routed accordingly. But we need to be able to connect to devices in the Nortel PN from the 2 satellites offices. The Network Security liason at the PN does not allow routing to happen to this 2 satellites office because of segments are RFC1918. They have recommended to have traffic from this SO be NAT'ED into ip's from segment from Main office. Problem is I dont know how to do this? Can this be accomplished with this setup? Do I need another device to perform the NATing?

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 03/30/2010 - 12:38
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Luis


Your diagram is not very clear. Is the 2851 meant to be represented by the 3 blue circles ?


Can you post an example of what you would like ie.


private address in satellite office =

address from your main site that you want to NAT the private address to =


You should be able to do this with your router, just need some clarification.


Jon

Jon Marshall Tue, 03/30/2010 - 13:14
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Luis


Okay, lets assume the following -


private ip = 192.168.153.10

ip from main site to use for NAT  = 190.50.103.11  <-- note that this IP address must not be used for anything else -


on your 2811 router -


on the interface connecting to the 192.168.153.0/24 network eg. fa0/0


int fa0/0

ip nat inside


on the interface connecting to the 190.50.103.0/24 network eg fa0/1


int fa0/1

ip nat outside


then


ip nat inside source static 192.168.153.10 190.50.103.11


then the connection would be made to 190.50.193.11 from the Nortel side.


Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Jon Marshall Tue, 03/30/2010 - 16:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Luis


Actually if all the blue circles are the 2811 then i made a slight mistake in the previous post.


You need to apply the "ip nat outside" command under the interface connecing to the serial connection ie. bottom right of your diagram eg.


int s0/0

ip nat outside


all the rest of the config is still correct. Apologies for that.


Jon



SO far I have done this

On R1

in GE 0/1

ip nat inside


On R3

in GE 0/1

ip nat outside

ip nat inside source static 192.168.153.60 190.50.103.239



Pro Inside global      Inside local       Outside local      Outside global
--- 190.50.103.239     192.168.153.60     ---                ---



Results ... from the Nortel side ping and tracert completes to 190.50.103.239, but cannot RDC to the server from the Nortel side

Actions

This Discussion