
How to NAT UDP broadcast packets

mrmajedkhalifa
Level 1

Hello,

I'm experiencing a bit of an issue here. I am using static NAT to convert 172.20.0.0/24 into 172.21.0.0/24 on a Cisco 2811 router through FE0/0. On FE0/1, I have the 192.168.0.0/24 subnetwork attached.

Here's what the objective is: A host on 172.20.0.0/24 (say, 172.20.0.5) is sending broadcast packets via UDP port 6000. The mainframe is on FE0/1 with an IP address of 192.168.0.35/24. This mainframe needs to receive the broadcast packets from the 172.20.0.5 host, but NAT needs to occur *first* on 172.20.0.5 so that it looks like the source address of the broadcast packet is really coming from 172.21.0.5/24. This is because the mainframe already has another interface on another 172.20.0.0/24 subnet (i.e., we're dealing with overlapping subnets here).


So far, I'm able to forward the broadcast packets to the 192.168.0.0/24 subnet by using ip forward-protocol udp 6000 (globally) and ip directed-broadcast (on the FE interfaces). I've also added an ip helper-address 192.168.0.255 statement to the FE0/0 interface.

Again, I can get the UDP:6000 packets to forward, but the source address is showing up as the original 172.20.0.5 instead of the NAT'ed address of 172.21.0.5.

Any suggestions would be very helpful. Even if I have to deploy additional hardware to make it work, that's OK too. I just can't use the original subnet, I have to NAT it somehow.

Thanks a bunch!

Accepted Solutions

ohassairi
Level 5

1- Can you paste your NAT config?

2- As a bad solution, you can cascade the second NIC (172.20) switch to the switch connecting c2811 to your server, so that the broadcast will come to the second interface :-)


Thank you for your suggestion. And yes, I believe your suggestion would have solved the issue, though a bit sloppily, as you intended.

As it turns out, I believe I solved the problem through a modification of the "ip helper-address" statement. For some strange reason (I'm sure someone knows the answer to this reason), if I use "ip helper-address ", then IOS does not apply NAT to the source address. However, if I use "ip helper-address ", then it does use NAT correctly. Strange eh? Well, I changed my "ip helper-address" statement to point to my mainframe, and it's working like a champ now.

Hopefully this thread will surface in a Google search for the next person to come across such an oddity.

Thx again, folks!

I think you are using static NAT (one to one).

So if you use "ip helper-address ", maybe there is no static NAT entry for this broadcast address, so NAT will not occur.
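
The setup this thread ends up with, written out as an IOS configuration. This is an added example, not a configuration posted by anyone in the thread: the interface addresses and the exact form of the NAT statement are assumptions (the NAT config was never posted), and the two helper targets are taken from the first post (192.168.0.255) and from the mainframe address given there (192.168.0.35).

```cisco
! Added example, not the poster's configuration.
! Lines marked "assumed" use values that do not appear in the thread.
!
! helper-address relays only a default set of UDP ports, so port 6000
! has to be added explicitly (command quoted in the first post).
ip forward-protocol udp 6000
!
! Assumed form of the one-to-one network NAT described in the first post:
! 172.20.0.x on the inside is presented as 172.21.0.x on the outside.
ip nat inside source static network 172.20.0.0 172.21.0.0 /24
!
interface FastEthernet0/0
 description Broadcasting hosts, 172.20.0.0/24
 ! assumed router address on this segment
 ip address 172.20.0.1 255.255.255.0
 ip nat inside
 !
 ! Before (first post): relay to the subnet broadcast. The mainframe
 ! then saw the untranslated source 172.20.0.5.
 !  ip helper-address 192.168.0.255
 !
 ! After (poster's follow-up): relay to the mainframe's unicast address.
 ! The mainframe then saw the translated source 172.21.0.5.
 ip helper-address 192.168.0.35
!
interface FastEthernet0/1
 description Mainframe segment, 192.168.0.0/24
 ! assumed router address on this segment
 ip address 192.168.0.1 255.255.255.0
 ip nat outside
 !
 ! ip directed-broadcast was needed here only while the helper target
 ! was 192.168.0.255. With a unicast helper it can stay disabled,
 ! which also removes a directed-broadcast amplification path.
 no ip directed-broadcast
```

A packet capture on the mainframe segment shows which source address the relayed UDP 6000 packets carry, and `show ip nat translations` on the router lists the static entries NAT will match against.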
