Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
3
Replies

NAT problem

nathan.dixon
Level 1
Level 1

‎08-13-2003 01:22 PM - edited ‎03-02-2019 09:34 AM

Hi, I have inherited a system which I am trying to make work. It consists of two routers each with an ethernet and a bri. For some reason this very straightforward network has some NAT. I guess the NAT was configured as a workaround for some old legacy application and migration to a new network or something.

My problem is that the routers dial and ping each other OK without the NAT (removing 'ip nat outside' from dialer 2) but when this is put back on the traffic doesn't pass. Does the NAT pool address range need to match that of the bri at the receiving end? Am I missing some static routes for the pool address?

Help appreciated.

Router configs summerised with the interesting bits only!

Router1. (Dialing end)

eth 0

ip address 192.168.202.191/24

ip nat inside

dialer 2

ip address 192.128.0.50/24

ip nat outside

ip nat pool NATPOOL 192.168.0.112 192.168.0.112 netmask 255.255.255.0

ip nat inside source list 101 pool NATPOOL overload

ip classless

ip route 90.90.91.0 255.255.255.0 dialer 2

access-list 101 permit ip any any

Router 2 (Receiving end)

eth 0

ip address 90.90.91.216 /24

bri0

ip address 192.128.0.2/24

ip route 0.0.0.0 0.0.0.0 bri0

ip route 90.90.90.90 255.255.255.0 bri0 - not sure why this route is here.

Labels:
0 Helpful
3 Replies 3

akin_lopez
Level 1
Level 1

‎08-14-2003 03:05 AM

Hi,

I think you should put a static route on router1 that points to the ip address of bri interface of router two for the internal address of router two.

i.e

ip route 90.90.91.0 255.255.255.0 192.128.0.2

put this on router1

and try find out what 90.90.90.90 is. and where it is located.

put your access-list to cover just the internal network of router1

i.e

access-list 101 permit ip 192.168.202.0 0.0.0.255 any

please mail me and tell me how it went.

cheers

0 Helpful

opiedrah
Level 1
Level 1

‎08-15-2003 06:10 AM

In order for communcation to exist between two end nodes two conditions must exist:

1) There must be a route and a communication path between them.

2) they must be within the same segment.

As per your example, by applying the

ip nat outside

on BRI0 of R1 you are translating 192.128.0.50 to 192.168.0.112

by using the static route, the traffic leaves interface Dialer2 however the traffic will not know how to get back!

When R2 examins the frame it will see the source address of 192.168.0.112 in its header.

And it will not know how to respond.

0 Helpful

opiedrah
Level 1
Level 1

‎08-15-2003 06:24 AM

Q. Does the NAT pool address rantge need to match the of the VRI at the receiving end?

A. Yes, There must exist on the same network between two end points. You can use private address between both BRI's and use static routes, and Dialer lists to specificy interesting traffic.

Please correct me if i am wrong. Thank you

Orlando Piedrahita.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents