05-25-2010 08:34 AM - edited 03-04-2019 08:35 AM
Hello,
I've not had to deal with a NAT issue (luck I guess). I have 2 routers connected by their WAN serial cables, one site (local config) has 3 subnets 192.168.10.x/24, 192.168.20.x/24, 192.168.30.x/24, the router is providing the local routing to the L2 2960 switches (router on a stick etc). This router connects to a remote router via its serial cable but the remote site also uses 192.168.10.x/24 for its LAN and we both need to share our servers across the WAN. I need some help to hide/NAT this range and allow communication between sites. I did ask if we could change the remote site's IP range but we can't (long story).
I have attached the configs in hope somebody can give me an example. I did make a start by adding the "ip nat inside" and "ip nat outside" commands then I got a little lost.
Thanks
05-25-2010 10:32 AM
Hi Andy,
This can be solved - however it's tricky, the biggest thing is both ends want to communicate with each other. To that end, you need to NAT both sides, the big questions are:-
1) Is the 192.168.10.0/24 subnet the only subnet that needs natting?
2) Do you want to perform network based NAT (the whole /24) or just partial IPs?
3) Do you take advantage of the OSPF process you have running to advertise the NAT routes
4) Or just simple statics
5) Will the 192.168.10.0/24 from both sides need to communicate outside of this pt-pt network?
Once you answer the above - the solution will present itself!
HTH>
05-25-2010 12:34 PM
Hi, thanks for answering my question. Seems I'm in luck at the moment (I hope), it seems we only need the local site with the 3 subnets 192.168.10.x, 192.168.20.x, 192.168.30.x to be able to access servers on the remote site that are on 192.168.10.x, the servers seem to be on random IPs on the last octet. What options do I have, some sort of NAT pool?
Thanks
05-25-2010 01:31 PM
Well I would personally have:-
Local
! Only this interface needs to have ip nat inside
int fa 0/0.10
ip nat inside
!
int s0/0/0
ip nat outside
!
ip nat inside source network 192.168.10.0 192.168.x.0 /24
ip route 192.168.y.0 255.255.255.0 s0/0/0
Remote
int fa0/0
ip nat inside
!
int s0/0/0
ip nat outside
!
ip nat inside source network 192.168.10.0 192.168.y.0 /24
ip route 192.168.x.0 255.255.255.0 s0/0/0
HTH>
05-25-2010 03:03 PM
Thanks, how will the local site know which server to connect to at the remote site?
05-25-2010 11:18 PM
Well the 2 key words in the NAT config are "Network" and "/24". This instructs both routers it's a subnet translation & the size of the subnet.
So let's say the local router translates 192.168.10.0/24 to 192.168.100.0/24, you have 5 servers
Local            Translated
192.168.10.1     192.168.100.1
192.168.10.15    192.168.100.15
192.168.10.23    192.168.100.23
192.168.10.37    192.168.100.37
192.168.10.59    192.168.100.59
And the remote end has 2 servers and translates 192.168.10.0/25 to 192.168.200.0/24
Remote           Translated
192.168.10.125   192.168.200.125
192.168.10.42    192.168.200.42
It's a 1:1 NAT translation; the only octet that is changed is the "3rd" one.
HTH>
05-26-2010 01:56 AM
Thanks, on the remote site the server IPs are:
192.168.10.10 - email
192.168.10.15 - file server
192.168.10.24 - Apps
I see you have created 1-to-1 NATs for the local site subnet of 192.168.10.x to get to these, but how will the other 2 local subnets get to these? What the traffic for the subnet 192.168.20.x and 192.168.30.x remain local and route the local 192.168.1.x subnet?
05-26-2010 02:15 AM
Andy,
I see from your configs, in the local router you have:-
!
router ospf 1
log-adjacency-changes
network 10.10.10.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
!
and the remote router you have:-
!
router ospf 1
log-adjacency-changes
network 10.10.10.0 0.0.0.3 area 0
!
Since the local & remote router have 10.10.10.0 /29 in area 0 - they will form a neighbor. Since they are neighbors - the local router will send the 192.168.10.0/20 & 30 subnets to the remote router. I presume the servers at the remote site have IP addresses with a "Default Gateway" of the router interface? Routing is preserved for 192.168.20.0/ 30.0 as they are NOT being NAT'd. Since the 192.168.10.0 is local to the remote router via a CONNECTED interface - it will ignore the OSPF route for 192.168.10.0/24.
How do you plan to connect to these servers, by IP address or Name - either way you need a DNS server.
HTH>
05-26-2010 08:29 AM
Thanks for explaining that Andrew. I don't seem to have the NAT options you mention:
ip nat inside source network 192.168.10.0 192.168.x.0 /24
ip route 192.168.y.0 255.255.255.0 s0/0/0
I have:
Local-Router(config)#ip nat inside source ?
  list    Specify access list describing local addresses
  static  Specify static local->global mapping
Local-Router(config)#
Also on the remote router I guess I would need to add the "new" NAT range to the OSPF to advertise to the local router network?
Thanks
05-26-2010 08:44 AM
Yeah - sorry about that, the correct config is
ip nat inside source static network 192.168.10.0 192.168.x.0 /24
ip route 192.168.y.0 255.255.255.0 s0/0/0
OSPF will not advertise a NAT range with a network command. If you want to advertise it in OSPF add:-
ip route 192.168.y.0 255.255.255.0 fa0/0.10 - this will put a valid route into the routing table
Then add:-
router ospf #
redistribute static subnets
This WILL advertise the NAT subnet to the remote side. For it to work from the other side - the same config applies.
HTH>
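The following is an added example, not part of any post in the thread. It models the 1:1 "static network" translation discussed above (network bits replaced, host bits kept), flags the overlapping subnet, and builds the table of translated addresses that local hosts, or DNS records, would use for the three remote servers. It assumes the illustrative range 192.168.200.0/24 from the thread for the remote side; the function and variable names are hypothetical.

```python
import ipaddress

def translate(addr, inside_net, global_net):
    """Map addr from inside_net to global_net, keeping the host bits.

    Models the 1:1 behaviour of a static network NAT entry: only the
    network portion of the address is replaced.
    """
    inside = ipaddress.ip_network(inside_net)
    outside = ipaddress.ip_network(global_net)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("inside and global networks must be the same size")
    ip = ipaddress.ip_address(addr)
    if ip not in inside:
        raise ValueError(f"{ip} is outside {inside} and is not translated")
    host_bits = int(ip) & int(inside.hostmask)
    return str(ipaddress.ip_address(int(outside.network_address) | host_bits))

def overlapping(local_nets, remote_nets):
    """Return (local, remote) subnet pairs whose address ranges collide."""
    return [(l, r) for l in local_nets for r in remote_nets
            if ipaddress.ip_network(l).overlaps(ipaddress.ip_network(r))]

# Subnets and server addresses as given in the thread.
LOCAL_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]
REMOTE_SUBNETS = ["192.168.10.0/24"]
REMOTE_SERVERS = {"email": "192.168.10.10",
                  "file server": "192.168.10.15",
                  "apps": "192.168.10.24"}
# Assumption: the remote router presents its LAN as 192.168.200.0/24,
# the illustrative range used earlier in the thread.
REMOTE_GLOBAL = "192.168.200.0/24"

def remote_server_table():
    """Addresses the local site should use to reach each remote server."""
    return {name: translate(ip, "192.168.10.0/24", REMOTE_GLOBAL)
            for name, ip in REMOTE_SERVERS.items()}

if __name__ == "__main__":
    print("Overlapping subnets:", overlapping(LOCAL_SUBNETS, REMOTE_SUBNETS))
    for name, ip in remote_server_table().items():
        print(f"{name:12} {REMOTE_SERVERS[name]:15} -> {ip}")
```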