03-24-2007 04:48 AM - edited 03-05-2019 03:05 PM
Hello. Please see the attached diagram. When I show up in the cloud from my firewall, I need to show up as 192.168.166.10, not as my router interface (192.168.166.1). Can anyone tell me the commands to make this happen? Is it possible to have an address translated to an address on the same subnet?
We previously did this on the firewall, but have just put a router there.
Solved! Go to Solution.
03-24-2007 05:58 AM
Friend,
You can do that.
Configure a PAT to 192.168.166.10 for the inside subnets. Make sure the Patted IP is not assigned to anyone
ip nat pool POOL_internet 192.168.166.10 192.168.166.10 prefix-length 24
ip nat inside source list 101 pool POOL_internet overload
access-list 101 permit ip
HTH, rate if it does
Narayan
03-24-2007 05:58 AM
Friend,
You can do that.
Configure a PAT to 192.168.166.10 for the inside subnets. Make sure the Patted IP is not assigned to anyone
ip nat pool POOL_internet 192.168.166.10 192.168.166.10 prefix-length 24
ip nat inside source list 101 pool POOL_internet overload
access-list 101 permit ip
HTH, rate if it does
Narayan
03-24-2007 06:47 AM
Sorry Narayan, I'm new to natting. Could you maybe post a sample config?
03-24-2007 07:29 AM
I already posted the sample configs.
Let me know what are the subnets behind the firewall/ router and what is the subnet mask of the network 192.168.166.0
Narayan
03-24-2007 08:48 AM
Here is the interface configs of the router:
_________________
interface FastEthernet0/0
ip address 199.43.3.2 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
description Circuit
bandwidth 256
ip address 199.43.120.13 255.255.255.252
ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
no fair-queue
frame-relay map ip 199.43.120.14 51 broadcast payload-compression packet-by-packet
!
interface Ethernet1/0
description Connection
ip address 192.168.166.1 255.255.255.0
full-duplex
!
interface Ethernet1/1
description Connection
ip address 192.168.209.1 255.255.255.0
full-duplex
!
_______________
The firewall connects on fa0/0. There are many networks behind the firewall.
Anything attempting to connect to the host (142.225.118.224, other side of a vendor owned router)needs to show up as 192.168.166.10. There is also another host that has the same type of restriction, but if you can help with the first one I should be able to do the next one by myself.
Thanks.
03-25-2007 08:58 AM
Do I need to apply the access-list to an interface?
03-25-2007 07:30 PM
Guess I don't need to apply the access list to an interface, since it seems to be working without it. Thanks for all your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide