PAT Overload between internal networks

Unanswered Question
May 27th, 2010

Greetings, i have an 871 ISR, the outside interface is configured with two sub interfaces and an internal LAN interfaces, now im trying to get the 172.16.1.0 network to talk to the 10.10.10.0 network which doesnt have a GW of it's own, as such i need to translate the 172.16.1.0 network to the IP address of the F4.75 interface 10.10.10.1


I though this would be simple in theory but its proving annoying.


F4.50 - Internet Facing

ip address 1.1.1.1 255.255.255.0

ip nat outside


F4.75 - Internal LAN

10.10.10.1 255.255.255.0

ip nat ?


The internal Vlan1 interface is attatched to a private network


VLAN1

ip address 172.16.1.0 255.255.255.0

ip nat inside


I can get to the internet fine  using


ip nat inside  source list 100 interface F4.50 overload

!

access-list  100 permit 172.16.1.0 0.0.0.255 any


However i cant PAT to  the 10.10.10.0 network using the same method, ive tried setting the  interface to OUTSIDE the doing the following but to no avail.

interface F4.75

ip nat outside

!

ip nat inside source list  101 interface F4.75 overload

!

access-list  101 permit 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255



Any recomendations are welcome

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Thu, 05/27/2010 - 21:51

Greetings, i have an 871 ISR, the outside interface is configured with two sub interfaces and an internal LAN interfaces, now im trying to get the 172.16.1.0 network to talk to the 10.10.10.0 network which doesnt have a GW of it's own, as such i need to translate the 172.16.1.0 network to the IP address of the F4.75 interface 10.10.10.1


I though this would be simple in theory but its proving annoying.


F4.50 - Internet Facing

ip address 1.1.1.1 255.255.255.0

ip nat outside


F4.75 - Internal LAN

10.10.10.1 255.255.255.0

ip nat ?


The internal Vlan1 interface is attatched to a private network


VLAN1

ip address 172.16.1.0 255.255.255.0

ip nat inside


I can get to the internet fine  using


ip nat inside  source list 100 interface F4.50 overload

!

access-list  100 permit 172.16.1.0 0.0.0.255 any

Hi,

Are you telling the sub interface are configured in outside interface but in the above config 10.10.10.X is int intenal segment and traffic 172.16.1.0 is alos coming from internal segment i suppose.

You can create mutliple internal subinterface and make use of pat in the baove config with making gateway as the sub interface ip of the router.

Hope to Help !!

Ganesh.H

Mark Rigby Fri, 05/28/2010 - 15:07

Greetings, yes i have configured "ip nat outside" on the sub interfaces, this is the current configuration.


I want to PAT "overload" between the internal LAN 172.16.1.0 255.255.255.0 and a second internal LAN 10.10.10.0 . It is this way because the clients on the 10.10.10.0 network dont know of the other internal network 172.16.1.0 and dont know how to route to it as 10.10.10.1 isnt there default gateway, if i try to communicate with a host on the 10.10.10.0 network without NAT the source IP comes from the 172.16.1.0 network which they dont know how to get too hence PAT.


Unfortunatrley this config doesnt work, do i need to use route maps instead?


Regards

interface f4

no ip address

!

interface f4.50 - Internet Facing

encapsulation dot1q 50

ip address 1.1.1.1  255.255.255.0

ip nat outside

!

interface f4.75  - Internal LAN

encapsulation dot1q 75

10.10.10.1 255.255.255.0

ip nat outside

!

interface vlan1

ip address 172.16.1.1 255.255.255.0

ip nat  inside

!

ip nat inside source list 100 interface f4.50 overload

ip nat inside source list 101 interface  f4.75 overload

!

access-list 100 permit ip 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255

access-list 101 permit ip 172.16.1.0 0.0.0.255 any

Mark Rigby Tue, 06/01/2010 - 05:49

Is this one for route-maps or isnt it possible to PAT between two RFC 1918 network ranges?


Regards

Actions

This Discussion