Cisco Support Community
New Member

NAT this NAT that

OK, here’s the problem: I have five devices that need to send data to a DB server in my NOC. I also need to send data to these devices from my NOC. I have a Cisco router on the Remote LAN side and the Checkpoint firewall on the NOC side. The Cisco router connects to the Internet via a frame relay circuit on a 30-bit network. Everything behind the router is NATed. At the NOC I have a 26-bit network and we are using NAT here also. How do I get this to work?

Remote LAN: 192.168.100.0/29

Remote WAN: 208.56.72.243/30

NOC LAN: 208.56.72.243/30

NOC WAN: 221.43.71.248/29

Host Devices: 192.168.100.1:20052, 192.168.100.2:20052, 192.168.100.3:20052, 192.168.100.4:20052, 192.168.100.5:20052

DB Server: 10.10.100.100:20052

Did I mention that everything needs to talk to port 20052?

2 REPLIES
Cisco Employee

Re: NAT this NAT that

You need 1 static NAT entry for the server at the NOC.

That's no problem with your amount of addresses.

For the remote site, if you need to access them from the NOC, you also need a static NAT entry, which is not possible because you don't have enough addresses.

You could use a PAT static entry (1 TCP port is dedicated to 1 device, i.e. port 80 is dedicated to device X, and ports 21/20 to device Y).

If this does not solve your problem, you might need an IPsec tunnel between your 2 sites and just don't use NAT for internal traffic.
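
The static PAT approach suggested in the reply above, sketched as a Cisco IOS configuration fragment. This is an added example, not part of the original reply: the interface names, the outside port numbers 20052-20056 and the ACL name are assumptions, and the source restriction assumes NOC traffic arrives from the NOC WAN block given in the question.

```cisco
! Added example, not from the thread. Interface names, outside ports
! and the ACL name are assumptions; addressing lines are omitted.
interface Ethernet0
 description Remote LAN 192.168.100.0/29
 ip nat inside
!
interface Serial0
 description Frame relay link to the Internet
 ip nat outside
 ip access-group NOC-ONLY in
!
! One outside TCP port per device. Each entry forwards to the
! device's own local port 20052, so the devices need no change.
ip nat inside source static tcp 192.168.100.1 20052 interface Serial0 20052
ip nat inside source static tcp 192.168.100.2 20052 interface Serial0 20053
ip nat inside source static tcp 192.168.100.3 20052 interface Serial0 20054
ip nat inside source static tcp 192.168.100.4 20052 interface Serial0 20055
ip nat inside source static tcp 192.168.100.5 20052 interface Serial0 20056
!
! Static PAT exposes the devices to the whole Internet, so limit the
! forwarded ports to the NOC WAN block (221.43.71.248/29 in the post).
! The inbound ACL is evaluated before NAT, so it matches the outside
! (pre-translation) ports.
ip access-list extended NOC-ONLY
 permit tcp 221.43.71.248 0.0.0.7 any range 20052 20056
 deny   tcp any any range 20052 20056 log
 permit ip any any
```

With this mapping the NOC reaches each device through the router's outside address on that device's dedicated port, while the devices' outbound sessions to the DB server keep using the existing dynamic NAT.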

New Member

Re: NAT this NAT that

Hi,

You must have a static valid IP address for the DB server at NOC (that's 10.10.100.100); then your packet translations should happen this way:

source: 192.168.100.1 -> NATed source: 208.56.72.243 -> FR Internet -> destined for the valid IP for 10.10.100.100 (NATed at NOC router) -> reached DB server.

In this scenario both the routers would be maintaining the NAT tables, which include layer 4 information as well.

You have to ensure that the Checkpoint rule base allows the traffic to and fro.

It would work.
