Cisco Support Community
New Member

NAT, Tunnels and duplicate IP

I have the following network:

   Router B                                Router C
   (e0: 10.1.1.1/24)                       (e0: 10.1.1.1/24)
   (NAT: 11.1.1.1)                         (NAT 12.1.1.1)
       |                                       |
       |                                       |
       -----------(f0/0)------- Router A ----(f0/1)-----
                                   |
                       (f1/0-206.116.76.128/26)
                                   |
                       Server1 (206.116.76.130)

Router A connects to router B using f0/0 (6.0.0.4/30) and to router C using f0/1 (6.0.0.0/30). Router B and C both have an Ethernet interface of 10.1.1.1. Tunnels have been created because in the real-life example, there are two routers between router B and router A. Tunnels avoid complicated routing tables in the routers in between. Server1 needs to be able to ping router B through address 11.1.1.1 and router C through address 12.1.1.1.

So router A needs to route traffic 11.1.1.1/24 to interface f0/0 then translate the IP to 10.1.1.1/24. It also needs to route traffic 12.1.1.1/24 to interface f0/1 then translate the IP to 10.1.1.1/24.

Since the order of operation for NAT for inside-to-outside translation is route then NAT, interface f1/0 is set as the inside interface and interfaces f0/0 & f0/1 are the outside interfaces.

Here is my sample configuration (with lab router) for router A:

hostname RouterA
!
interface Tunnel6
 description Trend for Airgate
 ip address 7.0.0.5 255.255.255.252
 ip nat outside
 tunnel source 6.0.0.5
 tunnel destination 6.0.0.6
!
interface Tunnel7
 ip address 7.0.0.1 255.255.255.252
 ip nat outside
 tunnel source 6.0.0.1
 tunnel destination 6.0.0.2
!
interface FastEthernet0/0
 description Simulated point-to-point network to router B
 ip address 6.0.0.5 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Simulated point-to-point network to router C
 ip address 6.0.0.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description Server LAN segment
 ip address 206.116.76.130 255.255.255.192
 ip nat inside
 duplex auto
 speed auto
!
ip nat pool 11to10 10.1.0.0 10.1.255.255 netmask 255.255.0.0 type match-host
ip nat pool 12to10 10.1.0.0 10.1.255.255 netmask 255.255.0.0 type match-host
ip nat inside destination list range11 pool 11to10
ip nat inside destination list range12 pool 12to10
ip classless
ip route 11.0.0.0 255.0.0.0 7.0.0.6
ip route 12.0.0.0 255.0.0.0 7.0.0.2
!
ip access-list standard range11
 permit 11.1.0.0 0.0.255.255
ip access-list standard range12
 permit 12.1.0.0 0.0.255.255

Looks simple enough but it does not work. If I do an extended ping from Router A to 11.1.1.1, I get destination unreachable. I presume that the packet is sent to Tunnel 6 but it does not know where 11.1.1.1 is inside Router B. I can tell that NAT did not work because the "show ip nat translation" table is empty.

Can you help?

Thanks

Martin

2 REPLIES
Cisco Employee

Re: NAT, Tunnels and duplicate IP

Why don't you do NAT on Router B and Router C?

This would make the problem easier.

I don't think this will ever work.

You can't associate 2 different addresses to a single one.

Also, why would a server need to access a router interface?

Another suggestion: could you configure IP addresses 12.1.1.1 and 11.1.1.1 directly on routers B and C as secondary addresses?

New Member

Re: NAT, Tunnels and duplicate IP

I have given a lot of thought to the scenario you propose. Let me give you a little more detail:

1- The server is polling SNMP for router B & C.

2- This example shows 2 routers with the same IP address but in some cases it can be switches or servers with duplicate IPs. Therefore, I cannot assign them secondary addresses.

3- I do not control router B or C and therefore I cannot make changes to them. Even if I did, several of those routers do not have the power to have NAT implemented as they are low-end routers with little memory (i.e. Cisco 1005, 1605 etc).

Thanks for your message.

Martin
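
The mapping the original post asks Router A to perform, modelled in Python as an added example. It is not code from any post in this thread and does not model how IOS evaluates its NAT statements. The tunnel names and /16 ranges come from the posted configuration; the function names are hypothetical. It shows that the reply direction is only unambiguous when the arrival tunnel is part of the lookup key.

```python
import ipaddress

# Constructed from the thread: each alias /16 is reached through one tunnel,
# and both map onto the same real 10.1.0.0/16 with the host part preserved.
ALIASES = {
    "Tunnel6": ipaddress.ip_network("11.1.0.0/16"),  # toward Router B
    "Tunnel7": ipaddress.ip_network("12.1.0.0/16"),  # toward Router C
}
REAL = ipaddress.ip_network("10.1.0.0/16")


def _rebase(addr, src_net, dst_net):
    """Move addr from src_net to dst_net, keeping the host bits."""
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)


def outbound(dst):
    """Server -> device: route on the alias first, then translate."""
    dst = ipaddress.ip_address(dst)
    for tunnel, alias in ALIASES.items():
        if dst in alias:
            return tunnel, str(_rebase(dst, alias, REAL))
    raise LookupError(f"no route/translation for {dst}")


def inbound(tunnel, src):
    """Device -> server: the arrival tunnel selects which alias to restore."""
    src = ipaddress.ip_address(src)
    if src not in REAL:
        raise LookupError(f"{src} is not in {REAL}")
    return str(_rebase(src, REAL, ALIASES[tunnel]))


def inbound_by_address_only(src):
    """Without the tunnel as a key, every alias is an equally valid answer."""
    src = ipaddress.ip_address(src)
    return sorted(str(_rebase(src, REAL, a)) for a in ALIASES.values())


if __name__ == "__main__":
    print(outbound("11.1.1.1"), outbound("12.1.1.1"))
    print(inbound("Tunnel6", "10.1.1.1"), inbound("Tunnel7", "10.1.1.1"))
    print(inbound_by_address_only("10.1.1.1"))
```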
