
nat explanation

rajbhatt
Level 3

Hi all,

Here if I am initiating a connection from server 10.134.14.1 to server 192.168.7.11

server( 10.134.14.1)---t2----l2switch----t1----server(192.168.7.11)

t2 router (seen on the router)

Inside Local   Inside Global   Outside Local   Outside Global
10.4.18.13     192.168.7.11    10.134.14.1     10.134.14.1

and at t1 router

Inside Local   Inside Global   Outside Local   Outside Global
192.168.8.10   10.134.14.1     192.168.7.11    192.168.7.11

t1 :config

ip nat pool Server 192.168.8.10 192.168.8.11 netmask 255.255.252.0
ip access-list extended NATacl
 permit ip any host 192.168.7.11
 deny ip any any
route-map Nmap permit 10
 match ip address NATacl

t2:config

ip nat inside source static 192.168.7.11 10.134.18.13

Can anyone plz explain how this is working

As per config my s-10.134.14.1 d-192.168.7.11

translated s:10.4.18.13 but here it is showing the opposite in ip nat translation

Could anyone please clarify

Thanks in advance

Raj

13 Replies

bjornarsb
Level 4

Hi,

I would like to help you, but what is your nat inside interface and what is your nat outside interface?

Traditional NAT is based on source.

Do you want source-based or destination-based NAT ?

I guess that you want source-based nat,

then your config on t1 would be just like this:

ip nat inside source static 192.168.7.11 10.134.18.13
int e0
 ip add 192.168.7.X
 ip nat inside
int e1
 ip add 10.134.18.X
 ip nat outside

BR,

Bjornarsb

Hi,

Thanks for ur reply

but my config is opposite to what u mention :

at t1

interface Giga
 description INTERNAL
 ip address 10.134.16.x 255.255.255.252
 ip nat inside
interface GigabitEthernet0/1.11
 description EXTERNAL
 ip address 192.168.7.1 255.255.255.0
 ip nat outside

and at t2:

interface GigabitEthernet
 description switchside
 ip address 10.134.16.y 255.255.255.252
 ip nat inside
interface GigabitEthernet0/1.1
 description internal
 ip address 10.134.14.6 255.255.255.x

At t2 I have a destination nat pool 10.134.16.x

and at t1 I have source nat pool as 192.168.8.0

Could u please point out the translation that is happening

Raj

Hi,

I'm sorry but I'm confused about how you have set up ip nat inside and ip nat outside. :)

As far as I can see you should change your configuration at both t1 and t2.

I would strongly recommend that the 10.134.16.x 255.255.255.252 network is configured as ip nat outside.

Then it would be a better approach and the config like my first post just changing e 1 interface ip and provide for routing of 10.134.18.13.

HTH

Regards,

Bjornarsb

Hi,

That's just the problem

the design was made by someone else and I am trying to figure out how things are working

according to me also it should be opposite

but it's working perfectly in this scenario.

so I am trying to figure out how

Raj

Hi,

Ok I surrender :)

you have :

t2:config

ip nat inside source static 192.168.7.11 10.134.18.13

neither of these IPs are configured on the router ???

I guess you need to post the complete config of your routers :)

BR,

Bjornarsb

Hi,

U are correct.

These IPs are not in the t2 router.

There's a little problem in attaching the configs.

But it is as I say it.

If u see the first post I put in the translations.

Now according to me the global inside should be 10.134.18.13 instead of the ip that is initiating traffic

I am really confused here.

Please see if u can see any light in the translations

Raj

Hi,

OK, now I think that I've understood it :)

The config that confuses us is this:

ip nat inside source static 192.168.7.11 10.134.18.13

This statement is not active at all.

So when you telnet you match the:

permit ip any host 192.168.7.11 and

get translated to 192.168.8.10

then the active translation is :

192.168.8.10 10.134.14.1 192.168.7.11 192.168.7.11

Because 192.168.7.11 belongs to an

ip nat outside enabled interface on t1.

By the way can you post the NAT statement on t1 ?

I guess it's : ip nat inside source route-map Nmap pool Server

HTH

Please do rate all helpful posts.

BR,

Bjornarsb

Hi,

Please refer to my first post.

It gives the sh ip nat command as t1(router ) with inside local and global address.

So when u say that the static translation is not active then how can we match the translation at t1.

I have given the sh ip nat translation for both t1 and t2 in the first post.

If u ignore that static translation all is good

But I have been told that destination nat is happening here

Thanks

Raj

Hi,

The static nat statement on t2 is not active.

You cannot translate from inside to outside

when the IPs are not either from source int or destination int. It shows up in your output because it's a static statement.

I claim that if you remove ip nat inside source static 192.168.7.11 10.134.18.13

on t2 it still will work :)

So the nat statement on t1 is active and it works as I posted in my previous post.

:)

Regards,

Bjornarsb

Hi,

I cannot agree with u there.

What I see in sh ip nat translation is :

Inside Local   Inside Global   Outside Local   Outside Global
10.4.18.13     192.168.7.11    10.134.14.1     10.134.14.1

In case it was not active I would have something like

Inside Local   Inside Global   Outside Local   Outside Global
10.4.18.13     192.168.7.11    ---             ----
as per the static statement

Don't u think so ?

Raj

Hi,

I see, then You do NAT in both directions.

I cannot see why you have to do that ?

To be able to see that I need to see your complete configuration. It could be something about how you have set up routing.

By the way, why do you really use nat at all.

You are using private addresses and I cannot see that you have overlapping networks :)

So this is how it works:

Source to Destination traffic flow:

You telnet from 10.134.14.1

which is your outside. This traffic matches your route-map since you telnet to 192.168.7.11

and your source 10.134.14.1 is translated to 192.168.8.10

Destination to source traffic flow:

Return traffic from 192.168.7.11 which is outside gets translated into 10.4.18.13.

So on t2 it "looks" like traffic is coming from 10.4.18.13.

So on t1 it "looks" like traffic is coming from 192.168.8.10

OK ?

Regards,

Bjornarsb

Hi,

"You telnet from 10.134.14.1

which is your outside" This is not outside but inside network behind the router t2.

the gateway of the server 10.134.14.1 is t2 inside interface.

My source is 10.134.14.1 and it is initiating the traffic. In router t2 10.134.14.1 is shown as destination but not as source. So it is apparently not matching the static source translation.

Instead of the global address 192.168.7.11 going to t1 the 10.134.14.1 address appears.

So what is the use of the nat I cannot figure out.

Still confused as ever.

Thanks

Raj

Hi,

This is why your setup is confusing :)

You telnet from 10.134.14.1 and according to nat it's your outside :) But you think of it as inside of course :) And indeed it's your source initiating traffic. That was why I suggested that 10.134.16.y 255.255.255.252 link should be your outside :)

It works because t1 and t2 have nat translation tables keeping track of inside and outside ( in terms of the NAT :) )

HTH

Please check the scroll-bar at the bottom right on every post :)

BR,

Bjornarsb
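
Added example (not part of any post in this thread, and not Cisco code): a small Python model of "ip nat inside source" that walks one flow through t2 and then t1 and builds the translation entry each router would hold. IOS prints "show ip nat translations" with the Inside global column before Inside local, and the model keeps that order. Assumptions: t2's 10.134.14.x interface is "ip nat outside", the client addresses 10.134.18.13, t1's NAT statement is the guessed "ip nat inside source route-map Nmap pool Server", and only addresses (no ports) are tracked.

```python
from collections import namedtuple

# Column order as IOS prints it in "show ip nat translations".
Entry = namedtuple("Entry", "inside_global inside_local outside_local outside_global")

class InsideSourceNat:
    """Address-only model of 'ip nat inside source' on one router (no ports)."""

    def __init__(self, static=None, pool=(), acl_dst=None):
        self.static = dict(static or {})  # inside local -> inside global
        self.pool = list(pool)            # unused inside global addresses
        self.acl_dst = acl_dst            # models: permit ip any host <acl_dst>
        self.table = []

    def _record(self, inside_global, inside_local, outside):
        entry = Entry(inside_global, inside_local, outside, outside)
        if entry not in self.table:
            self.table.append(entry)

    def inside_to_outside(self, src, dst):
        """Packet arrives on an 'ip nat inside' interface: source is rewritten."""
        known = dict(self.static)
        known.update({e.inside_local: e.inside_global for e in self.table})
        if src not in known and dst == self.acl_dst and self.pool:
            known[src] = self.pool.pop(0)  # dynamic allocation from the pool
        if src not in known:
            return src, dst
        self._record(known[src], src, dst)
        return known[src], dst

    def outside_to_inside(self, src, dst):
        """Packet arrives on an 'ip nat outside' interface: destination is rewritten."""
        known = {g: l for l, g in self.static.items()}
        known.update({e.inside_global: e.inside_local for e in self.table})
        if dst not in known:
            return src, dst
        self._record(dst, known[dst], src)
        return src, known[dst]

def walk():
    # Assumed: t2's 10.134.14.x side is 'ip nat outside'; client targets 10.134.18.13.
    t2 = InsideSourceNat(static={"192.168.7.11": "10.134.18.13"})
    # Assumed t1 statement: ip nat inside source route-map Nmap pool Server
    t1 = InsideSourceNat(pool=["192.168.8.10", "192.168.8.11"], acl_dst="192.168.7.11")
    after_t2 = t2.outside_to_inside("10.134.14.1", "10.134.18.13")
    after_t1 = t1.inside_to_outside(*after_t2)
    reply_t1 = t1.outside_to_inside("192.168.7.11", after_t1[0])
    reply_t2 = t2.inside_to_outside(*reply_t1)
    return after_t2, after_t1, reply_t1, reply_t2, t2.table, t1.table
```

Calling walk() returns the packet addresses after each hop in both directions, followed by the single table entry held on t2 and on t1.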
