Help with NAT

lgurley · ‎06-04-2003

We have a router that is using NAT to allow traffic from the serial ports to be translated to the same address as the Primary Ip for the E0/0. We now need the NAT to also occur for the secondary network on the E0/0.

interface FastEthernet0/0

ip address 75.75.250.110 255.255.255.0 secondary

ip address 10.80.30.2 255.255.254.0

ip nat outside

no ip mroute-cache

duplex auto

speed auto

The 75.75.250.0 network needs to be translated to 10.80.30.2. Below is our config. Thanks.

Current configuration : 2636 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Cleveland01

!

enable secret

enable password

!

ip subnet-zero

!

no ip domain-lookup

!

interface FastEthernet0/0

ip address 75.75.250.110 255.255.255.0 secondary

ip address 10.80.30.2 255.255.254.0

ip nat outside

no ip mroute-cache

duplex auto

speed auto

!

interface Serial0/0

bandwidth 256

no ip address

encapsulation frame-relay

no ip mroute-cache

no fair-queue

frame-relay lmi-type ansi

!

interface Serial0/0.1 point-to-point

bandwidth 256

ip address 75.75.99.18 255.255.255.252

ip nat inside

no ip mroute-cache

no arp frame-relay

frame-relay interface-dlci 99

!

interface Serial1/0

ip address 75.75.99.25 255.255.255.252

fair-queue

service-module t1 timeslots 1-24

service-module t1 remote-alarm-enable

!

interface BRI1/0

no ip address

!

ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source static 75.75.99.17 10.80.30.3

ip nat inside source static 75.75.1.233 10.80.30.20

ip nat inside source static 75.75.1.129 10.80.30.21

ip nat inside source static 75.75.1.192 10.80.30.22

ip nat inside source static 75.75.1.243 10.80.30.23

ip nat inside source static 75.75.1.157 10.80.30.24

ip nat inside source static 75.75.1.115 10.80.30.25

ip nat inside source static 192.168.9.120 10.80.30.27

ip nat inside source static 192.168.9.109 10.80.30.28

ip nat inside source static 75.75.1.10 10.80.30.26

ip nat inside source static 192.168.9.3 10.80.30.29

ip classless

ip route 0.0.0.0 0.0.0.0 75.75.99.17

ip route 10.80.0.0 255.255.0.0 10.80.30.1

ip route 75.75.251.0 255.255.255.0 75.75.99.26

ip http server

ip community-list standard fl0w3rs_trap permit

no ip pim bidir-enable

!

access-list 101 deny ip 75.75.0.0 0.0.255.255 75.75.0.0 0.0.255.255

access-list 101 deny ip 192.168.9.0 0.0.0.255 75.75.0.0 0.0.255.255

access-list 101 permit ip 75.75.0.0 0.0.255.255 any

access-list 101 permit ip 192.168.0.0 0.0.255.255 any

snmp-server community fl0w3rs_trap RW

alias exec s show ip route

!

line con 0

exec-timeout 5 0

password

login

full-help

line aux 0

line vty 0 4

password

login

line vty 5 15

password

login

!

end

rais · ‎06-04-2003

I dont understand what has to be NATed to what but I think following will help:

you can define a pool of IPs using:

ip local pool

Then NAT command will be changed to:

ip nat inside source list 101 pool overload

The second command will NAT the addresses in 101 to the one in pool. The pool may contain only one IP address, which in your case I believe will be your Ethernet secondary address.

Thanks.

olorunloba · ‎06-04-2003

For NATting to work, the packets will neet to move from an NAt inside interface to a NAT outside interface. In your config, the network that you want to NAT is attached to the Outside interface, hence it never gets to the inside interface.

Hence, you might need to re-engineer your network such that traffic moves accordingly, after, your NATting config will work

lgurley · ‎06-05-2003

Thanks. I was able to use a loopback int with ip nat inside, an ip route policy on E0/0 to route the 75.75.250.0 traffic thru the loopback and a route-map statement. Fun.

This is the article that I used to configure it.

http://www.psionic.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml