Cisco Support Community
New Member

NAT through point-to-point

First off, Fe0/1 is "ip nat outside", Fe0/0 is "ip nat inside" and Se0/1 isn't a NAT interface on R1. On R2, I have Se0/1, which isn't a NAT interface, Fe0/0, which is "ip nat inside", and Fe0/1, which is "ip nat outside".

My ISP has given me some IP addresses that are pointed at 11.11.11.11 and I normally just go through the motions of nat'ing them to Fe0/0. I have a situation where I need one of the IP addresses that my ISP has pointed to 11.11.11.11 to go to the 192.168.2.0/24 network. I have to put a webserver there. I can't figure this out. Any ideas?

5 REPLIES
Hall of Fame Super Blue

Re: NAT through point-to-point

Steven

I'm a little bit confused. Let's say the IP address supplied by the ISP is 195.177.10.10.

ip nat inside source static 192.168.2.7 195.177.10.10

where 192.168.2.7 is the web server.

On the s0/1 interface on R1

int s0/1

ip nat inside

Jon

New Member

Re: NAT through point-to-point

I don't want to NAT on that interface, do I? What effect will that have on the routing between the two sites? I don't want NAT between the LANs of both sites. Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?

Hall of Fame Super Blue

Re: NAT through point-to-point

"Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?"

Yes, that makes sense, and it won't NAT; or, to put it another way, it will only NAT what you tell it to NAT. Putting "ip nat inside" under the s0/1 interface does not mean all traffic coming in on that interface will be natted.

What will get natted is 192.168.2.7, but even that would only get natted if it goes out through the fa0/1 interface, because that has an "ip nat outside" statement under the interface.

Jon

New Member

Re: NAT through point-to-point

Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?

I don't understand the purpose of the "ip nat outside/inside" statements applied to interfaces. I was always just told I needed them to translate a "public" IP to a "private" IP. Can you point me to something that will clarify what happens when those are applied to interfaces? Thanks Jon.

Hall of Fame Super Blue

Re: NAT through point-to-point

"Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?"

No, because you don't need to NAT the packet twice. If you do the NAT on R1 then you can just leave the packet alone on R2 and just route it.

"I was always just told I needed them to translate a "public" IP to a "private" IP."

They do, but it is important to realise that just putting these statements under interfaces does not mean traffic will be natted. You then need to either add further config to your router, e.g.

On router R1

dynamic nat

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/1 overload

This would NAT all 192.168.1.0/24 source addresses to 11.11.11.11 if the traffic was going out of the fa0/1 interface. It would dynamically NAT it because all 192.168.1.x addresses are hidden behind the 11.11.11.11 address.

or you can use static NAT - see my previous post for an example.

Also have a look at this doc on NAT and if you have further questions then come back.

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Jon
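
Added example, not part of the thread or of Cisco's code: a simplified Python model of the rule described in the replies above, where the inside/outside interface statements only make a flow eligible and a static or dynamic rule decides whether anything is rewritten. The function names and the host 192.168.1.20 are constructed for illustration, the other addresses are the thread's, and the model tracks addresses only (no port overload or routing).

```python
import ipaddress

# R1 interface roles from the thread; s0/1 is "inside" per Jon's suggestion.
R1_ROLES = {"fa0/0": "inside", "fa0/1": "outside", "s0/1": "inside"}
# R1 as originally described: s0/1 carries no NAT statement.
R1_ROLES_ORIGINAL = {"fa0/0": "inside", "fa0/1": "outside"}

# Static entry, inside local -> inside global (the thread's example addresses).
STATIC = {"192.168.2.7": "195.177.10.10"}
# Dynamic overload: sources permitted by access-list 101 hide behind fa0/1.
ACL_101 = ipaddress.ip_network("192.168.1.0/24")
FA0_1_ADDR = "11.11.11.11"


def translate_source(src, in_if, out_if, roles=R1_ROLES):
    """Source address a packet carries after R1 forwards it."""
    # Interface roles only make a flow eligible: inside in, outside out.
    if roles.get(in_if) != "inside" or roles.get(out_if) != "outside":
        return src
    # Eligible flows are still translated only if a rule matches.
    if src in STATIC:
        return STATIC[src]
    if ipaddress.ip_address(src) in ACL_101:
        return FA0_1_ADDR
    return src


def translate_destination(dst, in_if, roles=R1_ROLES):
    """Destination address after R1 receives a packet from the ISP side."""
    if roles.get(in_if) != "outside":
        return dst
    global_to_local = {g: l for l, g in STATIC.items()}
    return global_to_local.get(dst, dst)


if __name__ == "__main__":
    flows = [
        ("192.168.2.15", "s0/1", "fa0/0"),   # site-to-site, stays private
        ("192.168.2.7", "s0/1", "fa0/1"),    # web server replying to the Internet
        ("192.168.1.20", "fa0/0", "fa0/1"),  # constructed R1 LAN host going out
    ]
    for src, i, o in flows:
        print(f"{src:>13} {i}->{o}: {translate_source(src, i, o)}")
    print(translate_destination("195.177.10.10", "fa0/1"))
```

Passing `roles=R1_ROLES_ORIGINAL` to `translate_source` shows the web server's replies leaving untranslated when s0/1 has no "ip nat inside" statement.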
