I have a development network that, for political reasons, is a little kludgy.
I've attached a logical layout of the network. WAN traffic from 10.7.0.0 gets NAT'd at 172.23.8.3, then forwarded along to 172.23.8.1 which is our corporate firewall. 172.23.0.0 has 172.23.8.3 as its default gateway, but no NAT occurs.
A couple specific destinations need to get routed out the 192.168.1.0 network, though, because that is our DSL modem. Again, NAT needs to occur because we do not manage the modem. So traffic gets NAT'd at 192.168.1.163, and forwarded along.
This works just fine for the 10.7.0.0 network because 10.7.0.254 is an inside interface. The problem comes when 172.23.0.0 traffic tries to get out that way - since 172.23.8.3 is an outside interface, it will not NAT the traffic that's destined for the 192.168.1.0 network... and 192.168.1.1 has no knowledge of our networks.
Is there a way to force NAT to occur when traffic is received on an outside interface, and is destined for another outside interface?
As a follow-up, this is exceedingly simple. It's true that NAT is not performed between interfaces on the same side.
I have honestly never done NAT without the inside/outside statements. It turns out, NAT can be performed via the NVI - NAT Virtual Interface - by using the "ip nat enable" command. That makes the NAT completely defined by the access lists without regard to the interface being inside or outside.
Excellent post. Another thing you could have done is to make the 172.23 the inside interface for NAT, then create a loopback interface with the 192.168 address and make it the outside interface. That has worked for me in the past. I'll keep the NVI concept in my toolbag for next time.
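A sketch of the NVI approach described in this thread, added here as an example and not taken from any poster's configuration. The interface names, the /16 and /24 masks, the ACL names and the 198.51.100.0/24 DSL-bound destination are assumptions or placeholders; only the addresses 10.7.0.254, 172.23.8.3, 172.23.8.1, 192.168.1.163 and 192.168.1.1 come from the thread.

```cisco
! Every interface joins the NAT virtual interface; there is no inside/outside role.
interface GigabitEthernet0/0
 description 10.7.0.0 LAN (interface name assumed)
 ip address 10.7.0.254 255.255.0.0
 ip nat enable
!
interface GigabitEthernet0/1
 description 172.23.0.0 segment toward corporate firewall (name assumed)
 ip address 172.23.8.3 255.255.0.0
 ip nat enable
!
interface GigabitEthernet0/2
 description 192.168.1.0 segment toward DSL modem (name assumed)
 ip address 192.168.1.163 255.255.255.0
 ip nat enable
!
! Default route to the corporate firewall; the placeholder prefix goes to the modem.
ip route 0.0.0.0 0.0.0.0 172.23.8.1
ip route 198.51.100.0 255.255.255.0 192.168.1.1
!
! Both internal networks are translated when headed for the DSL-bound prefix.
ip access-list extended NAT-TO-DSL
 permit ip 10.7.0.0 0.0.255.255 198.51.100.0 0.0.0.255
 permit ip 172.23.0.0 0.0.255.255 198.51.100.0 0.0.0.255
!
! Only 10.7.0.0 is translated toward the firewall; 172.23.0.0 is never
! matched here, so it still leaves that way untranslated.
ip access-list extended NAT-TO-CORP
 deny   ip 10.7.0.0 0.0.255.255 198.51.100.0 0.0.0.255
 permit ip 10.7.0.0 0.0.255.255 any
!
! NVI rules use "ip nat source", with no inside/outside keyword.
ip nat source list NAT-TO-DSL interface GigabitEthernet0/2 overload
ip nat source list NAT-TO-CORP interface GigabitEthernet0/1 overload
!
! Verify from exec mode with:
!   show ip nat nvi translations
!   show ip nat nvi statistics
```

Because the access lists alone decide what gets translated under NVI, keeping them scoped to specific source and destination prefixes, rather than `permit ip any any`, prevents unintended traffic from being translated out the DSL path.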