Public IP Behind NAT (Observation)

Untitled.png

NOTE: I just want to share this scenario which I encountered last night. This is not a question or an answer, just an observation which could be WRONG or RIGHT or which might help others in some cases. Please do correct me if you think there is something wrong in the scenario below:

  • The circle in the diagram above represents my home network. Router R2 is part of the internet.
  • 192.168.1.2 is being translated to 1.1.1.1 using dynamic NAT
  • 192.168.1.2 is being translated to 58.65.175.1 using static NAT
  • Interface FastEthernet 0/0 on R1 has two IP addresses. 192.168.1.1 as primary and 115.186.1.2 as secondary.
  • The two public IP pools I am using in the above scenario are: 58.65.175.0/30 and 115.186.1.0/30

PROBLEM STATEMENT:
===================

I want the host with IP 115.186.1.1 to access the internet. In my current configuration, 115.186.1.2 is set as the default gateway for this host.

OBSERVATION:
============

The host with IP 115.186.1.1 can access the internet without any problem. I have done no other configuration than to just put a secondary IP on FastEthernet 0/0 of R1. So, R1 is not doing NATTING for this host at all (not required, since it's a public IP and QEMU3 is well capable of selecting unique source and destination ports). However, I can view NAT translations for all other hosts (QEMU1 and QEMU2) but not for QEMU3.

So when QEMU3 (115.186.1.1) accesses the internet, it sends the packet to its default gateway, which is 115.186.1.2. When the packet reaches R1, R1 sends it to its default route, which is set to FastEthernet 1/0. This is how outbound traffic goes out of my network.

As far as inbound traffic is concerned, my public IP 115.186.1.1 is reachable from anywhere on the internet, so when a packet comes back to R1 with destination 115.186.1.1, router R1 looks it up in its routing table and finds that network 115.186.1.0/30 is directly connected via FastEthernet 0/0. The MAC address of 115.186.1.1 is already learned by R1, so it sends the packet to the switch, which sends it to QEMU3.

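The forwarding behaviour observed in the post can be reproduced with a small model of R1. This is an added example, not part of the original post or any Cisco code. It assumes the inside LAN is 192.168.1.0/24, that only this range is matched for dynamic NAT, and that the default route points out FastEthernet 1/0. The host 192.168.1.3 and the destination 8.8.8.8 are constructed sample values.

```python
import ipaddress as ipa

# Constructed model of R1 as the post describes it. Assumptions: the inside LAN
# is 192.168.1.0/24, only that range is matched for dynamic NAT, and the
# default route points out FastEthernet 1/0. The post does not show its config.
ROUTES = [
    (ipa.ip_network("192.168.1.0/24"), "Fa0/0"),   # primary address, connected
    (ipa.ip_network("115.186.1.0/30"), "Fa0/0"),   # secondary address, connected
    (ipa.ip_network("0.0.0.0/0"), "Fa1/0"),        # default route towards R2
]
NAT_INSIDE = ipa.ip_network("192.168.1.0/24")      # sources eligible for NAT
STATIC_NAT = {ipa.ip_address("192.168.1.2"): ipa.ip_address("58.65.175.1")}
DYNAMIC_GLOBAL = ipa.ip_address("1.1.1.1")


def route(dst):
    """Longest-prefix match over the routing table; returns the egress interface."""
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outbound(src, dst):
    """Inside to outside: route first, then translate the source if NAT matches."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    if src in STATIC_NAT:
        new_src = STATIC_NAT[src]
    elif src in NAT_INSIDE:
        new_src = DYNAMIC_GLOBAL
    else:
        new_src = src                 # public source: no NAT rule matches
    return route(dst), str(new_src), new_src != src


def inbound(dst):
    """Outside to inside, for a packet with no existing dynamic translation:
    undo static NAT first, then route on the resulting address."""
    dst = ipa.ip_address(dst)
    reverse = {glob: local for local, glob in STATIC_NAT.items()}
    local = reverse.get(dst, dst)
    return route(local), str(local), local != dst


if __name__ == "__main__":
    for host in ("192.168.1.2", "192.168.1.3", "115.186.1.1"):
        print("out", host, outbound(host, "8.8.8.8"))
    for addr in ("115.186.1.1", "58.65.175.1", "1.1.1.1"):
        print("in ", addr, inbound(addr))
```

Addresses for which `inbound` returns `Fa0/0` accept unsolicited traffic from outside, so any filtering for them has to come from an ACL or a host firewall rather than from NAT.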