NAT (Source NAT)

Feb 21st, 2014

Hello Cisco World.


Looking for some assistance asap on this one.  Been going through the Support Community and can't find the exact details I need to get my NATs to work.


Here's the scenario:

Several WAN sites connecting to an MPLS network.  I need to be able to send a public address block inside across the WAN to a remote router. From there it needs to source NAT to the interface of that remote router.


IE Topology.

MAIN Router - FA0/0 192.168.100.1 /24  Serial T1 (ATT) 12.112.117.126 /30


Remote Site Serial T1 (ATT) 12.46.192.102 FA0/0 172.31.31.56 /24

IP Route (Public IP Block - 5.5.5.0 /24 172.31.31.1  --> Behind the Remote FA0/0 .56 interface


So that part works.  I did before and after trace routes, and traffic no longer goes across the internet but across the private WAN.


The data center host says to "All traffic from Customer to the public network (5.5.5.0/24) should be routed over the new MPLS link.  Customers MPLS end point device should source NAT all traffic to Datacenter as 172.31.31.56.  The end point device should route inbound traffic (to Datacenter) to 172.31.31.1."


So based on that I followed the link here :

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13773-2.html


I know it's pretty simple.  Just can't figure it out.


My config:

ip route 5.5.5.0 255.255.255.0 172.31.31.1
!
!
ip nat inside source static 172.31.31.56 192.168.100.250
!
access-list 1 permit 192.168.100.0
access-list 1 permit 192.168.70.0
access-list 1 permit 192.168.60.0
access-list 1 permit 192.168.20.0
access-list 1 permit 192.168.254.0
access-list 1 permit 192.168.218.0


(Inside Networks needing access to the public IP 5.5.5.0)



Running debug IP NAT

Customer-Remote Router#sh ip nat trans
Pro Inside global         Inside local          Outside local         Outside global
--- 192.168.100.250       172.31.31.56          ---                   ---
Customer-Remote Router#


Any help would be appreciated.  Thanks, Brandon      

Jon Marshall Sat, 02/22/2014 - 01:43
Brandon


Could you possibly either -


1) include a drawing


or


2) clarify exactly what needs NAT ie. source IPs when they are trying to go to what ie destination IPs and from where


Sorry but your explanation is a little unclear to me


Jon

bolds04 Sat, 02/22/2014 - 05:16

CISCO_NAT.jpg


Jon,

I know it to be something simple and just overlooking, but any help I'd appreciate.  Thanks, Brandon 

Jon Marshall Sat, 02/22/2014 - 06:25

Brandon


Try this -


Using 192.168.5.0/24 as the source IP subnet -


access-list 101 permit ip 192.168.5.0 0.0.0.255 5.5.5.0 0.0.0.255
ip nat pool NAT 172.31.31.56 172.31.31.56 netmask 255.255.255.252
ip nat inside source list 101 pool NAT overload


Any problems let me know.

      

Jon
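
A small Python model of the ACL matching and overload translation in the reply above, as an added example that is not part of the original thread: it applies IOS wildcard-mask matching to ACL 101 and to one ACL 1 entry from the question, and maps permitted flows to 172.31.31.56. The sample flows, the port-selection rule and the function and class names are assumptions made for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_acl(lines):
    """Parse 'access-list N permit ...' lines into (src, swc, dst, dwc) tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] != "permit":
            continue
        if tok[3] == "ip":                      # extended ACL: src wc dst wc
            entries.append(tuple(tok[4:8]))
        else:                                   # standard ACL: no wildcard = single host
            wc = tok[4] if len(tok) > 4 else "0.0.0.0"
            entries.append((tok[3], wc, "0.0.0.0", "255.255.255.255"))
    return entries

def permitted(acl, src, dst):
    return any(wc_match(src, s, sw) and wc_match(dst, d, dw) for s, sw, d, dw in acl)

class Pat:
    """Simplified model of 'ip nat inside source list <acl> pool <pool> overload'."""
    def __init__(self, acl, pool_ip):
        self.acl, self.pool_ip = acl, pool_ip
        self.table = {}                         # (inside local, port) -> (inside global, port)

    def translate(self, src, sport, dst):
        if not permitted(self.acl, src, dst):
            return src, sport                   # no ACL match: forwarded untranslated
        key = (src, sport)
        if key not in self.table:
            port = sport                        # assumption: keep the port unless it is taken
            while (self.pool_ip, port) in self.table.values():
                port += 1
            self.table[key] = (self.pool_ip, port)
        return self.table[key]

# Lines taken from the thread
ACL_101 = parse_acl(["access-list 101 permit ip 192.168.5.0 0.0.0.255 5.5.5.0 0.0.0.255"])
ACL_1 = parse_acl(["access-list 1 permit 192.168.100.0"])

if __name__ == "__main__":
    nat = Pat(ACL_101, "172.31.31.56")
    # Constructed sample flows: (source IP, source port, destination IP)
    for flow in [("192.168.5.10", 40000, "5.5.5.20"), ("192.168.5.10", 40000, "8.8.8.8")]:
        print(flow, "->", nat.translate(*flow))
```
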
