Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT and PAT

Scenario:

US Private Network--Router--US NAT Router--Router--Phil Private Network

IP Addressing

US Private Network: 172.16.100.0/16

Inside Global: 192.168.1.1/27

Phil Private Network: 172.16.200.0/16

Inside Global: 192.168.10.1/28

Question:

1. Is it possible to ping the US private network from Phil private network, and vice versa.

2. Can you provide me a sample config in all router?

3. if i create an acl for translation. and create again for limiting the tcp and udp port, would it create any conflict?

Kindly help me on this. Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: NAT and PAT

hi

did you mean subnet mask 16 or 24!!!

(I supposed that you are using IOS routers)

in the case of mask 16 you are in the same network 172.16.0.0 bad design and you will be dealing with overlapping network.

so go ahaed and implement nat-overlapping (IMPLEMENT ip NAT INSIDE AND ip NAT OUTSIDE FOR EACH SITE) SO In this case you solve the problem of making both networks able to communicate,to ping a host in the other site you dont know witch translated address corespond to wicth real address unless you have configured one-to-one mapping static nat .

in the case of 24 you are in diffrent network

no problem go ahead and implement normal nat.

for question 3 the answer is :

* for ip nat inside the access-list is applied BEFORE translantion .

and for ip nat outside the access-list is applied AFTER translantion .

so i assumed that there is no conflict if the access-list addresses the correct networks.

HTH

kamal

1 REPLY
Bronze

Re: NAT and PAT

hi

did you mean subnet mask 16 or 24!!!

(I supposed that you are using IOS routers)

in the case of mask 16 you are in the same network 172.16.0.0 bad design and you will be dealing with overlapping network.

so go ahaed and implement nat-overlapping (IMPLEMENT ip NAT INSIDE AND ip NAT OUTSIDE FOR EACH SITE) SO In this case you solve the problem of making both networks able to communicate,to ping a host in the other site you dont know witch translated address corespond to wicth real address unless you have configured one-to-one mapping static nat .

in the case of 24 you are in diffrent network

no problem go ahead and implement normal nat.

for question 3 the answer is :

* for ip nat inside the access-list is applied BEFORE translantion .

and for ip nat outside the access-list is applied AFTER translantion .

so i assumed that there is no conflict if the access-list addresses the correct networks.

HTH

kamal

218
Views
0
Helpful
1
Replies
CreatePlease login to create content