03-30-2010 12:30 PM - edited 03-06-2019 10:23 AM
We have a 3 node ELAN (100 MBPS) with 2851 connecting 1 Main and 2 satellite offices(SO). The Main office is connected to a Private Network via Nortel devices and routed accordingly. But we need to be able to connect to devices in the Nortel PN from the 2 satellites offices. The Network Security liason at the PN does not allow routing to happen to this 2 satellites office because of segments are RFC1918. They have recommended to have traffic from this SO be NAT'ED into ip's from segment from Main office. Problem is I dont know how to do this? Can this be accomplished with this setup? Do I need another device to perform the NATing?
Thanks
03-30-2010 12:38 PM
Luis
Your diagram is not very clear. Is the 2851 meant to be represented by the 3 blue circles ?
Can you post an example of what you would like ie.
private address in satellite office =
address from your main site that you want to NAT the private address to =
You should be able to do this with your router, just need some clarification.
Jon
03-30-2010 01:05 PM
Yes you are correct the 2851 are the blue circles
03-30-2010 01:14 PM
Luis
Okay, lets assume the following -
private ip = 192.168.153.10
ip from main site to use for NAT = 190.50.103.11 <-- note that this IP address must not be used for anything else -
on your 2811 router -
on the interface connecting to the 192.168.153.0/24 network eg. fa0/0
int fa0/0
ip nat inside
on the interface connecting to the 190.50.103.0/24 network eg fa0/1
int fa0/1
ip nat outside
then
ip nat inside source static 192.168.153.10 190.50.103.11
then the connection would be made to 190.50.193.11 from the Nortel side.
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
03-30-2010 04:22 PM
Luis
Actually if all the blue circles are the 2811 then i made a slight mistake in the previous post.
You need to apply the "ip nat outside" command under the interface connecing to the serial connection ie. bottom right of your diagram eg.
int s0/0
ip nat outside
all the rest of the config is still correct. Apologies for that.
Jon
03-31-2010 11:07 AM
Let me update the diagram
03-31-2010 12:30 PM
SO far I have done this
On R1
in GE 0/1
ip nat inside
On R3
in GE 0/1
ip nat outside
ip nat inside source static 192.168.153.60 190.50.103.239
Pro Inside global Inside local Outside local Outside global
--- 190.50.103.239 192.168.153.60 --- ---
Results ... from the Nortel side ping and tracert completes to 190.50.103.239, but cannot RDC to the server from the Nortel side
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: