
NAT this NAT that

May 6th, 2002

OK here’s the problem, I have five devices that need to send data to a DB server in my NOC. I also need to send data to these devices from my NOC. I have a Cisco router on the Remote LAN side and the Checkpoint firewall on the NOC side. The Cisco router connects to the Internet via a frame relay circuit on a 30-bit network. Everything behind the router is NATed. At the NOC I have a 26-bit network and we are using NAT here also. How do I get this to work?


Remote LAN              Remote WAN
192.168.100.0/29        208.56.72.243/30

NOC LAN                 NOC WAN
208.56.72.243/30        221.43.71.248/29

Host Devices            DB Server
192.168.100.1:20052     10.10.100.100:20052
192.168.100.2:20052
192.168.100.3:20052
192.168.100.4:20052
192.168.100.5:20052


Did I mention that everything needs to talk to port 20052?


Gilles Dufour Mon, 05/06/2002 - 11:48
User Badges: Cisco Employee

You need 1 static NAT entry for the server at the NOC.

That's no problem with your amount of addresses.

For the remote site, if you need to access them from the NOC, you also need a static NAT entry, which is not possible because you don't have enough addresses.

You could use a static PAT entry (1 TCP port is dedicated to 1 device, i.e. port 80 is dedicated to device X, and ports 21/20 to device Y).

If this does not solve your problem, you might need an IPsec tunnel between your 2 sites and just don't use NAT for internal traffic.
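
The static PAT approach from the answer above, sketched as a Cisco IOS configuration fragment for the remote router. This is an added example, not part of the original thread; the interface names (Ethernet0, Serial0), the ACL name, the outside ports 20052-20056, and the assumption that NOC traffic arrives sourced from the 221.43.71.248/29 block are illustrative assumptions.

```cisco
! Added example. Assumptions: Ethernet0 = remote LAN, Serial0 = frame relay
! link to the Internet, outside ports 20052-20056 chosen for illustration.
interface Ethernet0
 ip nat inside
!
interface Serial0
 ip nat outside
 ip access-group NOC-ONLY in
!
! Outbound: the five devices share the router's WAN address (PAT overload)
! when they open connections to the DB server's public address at the NOC.
access-list 1 permit 192.168.100.0 0.0.0.7
ip nat inside source list 1 interface Serial0 overload
!
! Inbound: one outside TCP port is dedicated to each device and forwarded
! to port 20052 on that device.
ip nat inside source static tcp 192.168.100.1 20052 interface Serial0 20052
ip nat inside source static tcp 192.168.100.2 20052 interface Serial0 20053
ip nat inside source static tcp 192.168.100.3 20052 interface Serial0 20054
ip nat inside source static tcp 192.168.100.4 20052 interface Serial0 20055
ip nat inside source static tcp 192.168.100.5 20052 interface Serial0 20056
!
! Static PAT publishes these ports on the Internet-facing address, so the
! inbound ACL admits only the NOC block (assumed source of NOC traffic).
! The ACL is evaluated before NAT, so it matches the outside ports.
! "established" lets replies to the devices' own outbound sessions return.
! Add permits for any other traffic the site needs before the final deny.
ip access-list extended NOC-ONLY
 permit tcp 221.43.71.248 0.0.0.7 any range 20052 20056
 permit tcp any any established
 deny   ip any any log
```

With this layout the NOC reaches each device at the router's WAN address plus that device's outside port, so the application on the DB server has to be able to use a different destination port per device.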

daipayan_b Tue, 05/07/2002 - 06:10

Hi,


You must have a static valid IP address for the DB server at the NOC (that's 10.10.100.100), then your packet translations should happen this way:

source: 192.168.100.1 -> NATed source: 208.56.72.243 -> FR Internet -> destined for the valid IP for 10.10.100.100 (NATed at NOC router) -> reached DB server.

In this scenario both the routers would be maintaining the NAT tables, which include layer 4 information as well.

You have to ensure that the Checkpoint rule base allows the traffic to and fro.


It would work.

