Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
393
Views
0
Helpful
1
Replies

NAT – Outside Source Static Mappings

ayaz.akhtar
Level 1
Level 1

‎07-19-2002 08:46 AM - edited ‎03-02-2019 12:01 AM

We have a router (R1) with two interfaces – Eth0 and BRI0.

All the PCs on this LAN use public addressing, and connect to remote systems via the BRI0, using the Eth0 as their default gateway.

We have now added a second router (R2) to this LAN, which also has two interfaces – Eth0 and Ser0.

Eth0 on R2 uses one of the public addresses to connect to this LAN and Ser0 connects to other private LANs over leased line.

All PCs on these private LANs use private addressing, and would like to connect to remote systems via the BRI0 on R1.

We have configured NAT on R1 as follows:

!

hostname R1

!

ip nat pool satellites 53.253.66.209 53.253.66.254 netmask 255.255.255.192

ip nat inside source list 20 pool satellites

ip nat inside source static 172.30.16.30 53.253.66.194

ip nat outside source static 53.253.250.21 192.168.66.250

!

interface Ethernet0

ip address 53.253.29.250 255.255.255.0

ip nat inside

!

interface BRI0

no ip address

ip nat outside

!

interface Dialer0

ip address 53.253.233.202 255.255.254.0

dialer map ip 53.253.233.249 name …

ip nat outside

!

ip route 0.0.0.0 0.0.0.0 53.253.233.249

ip route 172.30.0.0 255.255.0.0 53.253.29.252

!

access-list 20 permit 172.30.0.0 0.0.255.255

!

The config on router R2 is as follows:

!

hostname R2

!

interface Ethernet0

ip address 53.253.29.252 255.255.255.0

!

interface Serial0

ip address 172.30.4.2 255.255.255.252

!

ip route 0.0.0.0 0.0.0.0 172.30.4.1

ip route 53.0.0.0 0.255.255.255 53.253.29.250

!

Testing the above config, we find that devices on the 172-LAN, which connect through router R2, have no problem in connecting to the 192.168.66.250 server, which translates to 53.253.250.21, over the BRI link on router R1.

However, when we try to connect to the 53.253.250.21 server from devices on the 53.253.29-subnet, we find that the 53.253.250.21 address is translated to 192.168.66.250 using the ‘outside source static’ mapping. The connection, therefore, fails.

We do not want any translation to take place for devices on the 53.253.29-subnet. The translation should only happen for traffic originating from the 172-subnet from router R2.

Is there any way of achieving this on router R1?

We would appreciate a sample config. Please let me know if you would like a Visio diagram of the above topology.

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

sachin
Level 1
Level 1

‎07-20-2002 12:28 AM

pls send me complete topology with ip addressing scheme .my mail id is sachin_kjain@yahoo.com

0 Helpful
Customers Also Viewed These Support Documents