02-26-2010 11:05 AM - edited 03-04-2019 07:38 AM
Hello,
I'm experiencing a bit of an issue here. I am using static NAT to convert 172.20.0.0/24 into 172.21.0.0/24 on a Cisco 2811 router through FE0/0. On FE0/1, I have 192.168.0.0/24 subnetwork attached.
Here's what the objective is: A host on 172.20.0.0/24 (say, 172.20.0.5) is sending broadcast packets via UDP port 6000. The mainframe is on FE0/1 with an IP address of 192.168.0.35/24. This mainframe needs to receive the broadcast packets from the 172.20.0.5 host, but NAT needs to occur *first* on 172.20.0.5 so that it looks like the source address of the broadcast packet is really coming from 172.21.0.5/24. This is because the mainframe already has another interface on another 172.20.0.0/24 subnet (i.e., we're dealing with overlapping subnets here).
So far, I'm able to forward the broadcast packets to the 192.168.0.0/24 subnet by using ip forward-protocol udp 6000 (globally) and ip directed-broadcast (on the FE interfaces). I've also added an ip helper-address 192.168.0.255 statement to the FE0/0 interface.
Again, I can get the UDP:6000 packets to forward, but the source address is showing up as the original 172.20.0.5 instead of the NAT'ed address of 172.21.0.5.
Any suggestions would be very helpful. Even if I have to deploy additional hardware to make it work, that's OK too. I just can't use the original subnet, I have to NAT it somehow.
Thanks a bunch!
Solved! Go to Solution.
02-28-2010 12:18 AM
1-can you paste your NAT config?
2-as a bad solution you can cascade the second NIC (172.20) switch to the switch connecting c2811 to your server. so that the broadcast will come to the second interface :-)
02-28-2010 12:18 AM
1-can you paste your NAT config?
2-as a bad solution you can cascade the second NIC (172.20) switch to the switch connecting c2811 to your server. so that the broadcast will come to the second interface :-)
02-28-2010 07:23 PM
Thank you for your suggestion. And yes, I believe your suggestion would have solved the issue, though a bit sloppily, as you intended, though.
As it turns out, I believe I solved the problem through a modification of the "ip helper-address" statement. For some strange reason (I'm sure someone knows the answer to this reason), if I use "ip helper-address
Hopefully this thread will surface in a Google search for the next person to come across such an oddity.
Thx again, folks!
02-28-2010 09:08 PM
i think you are using static nat (one to one)
so if you use: "ip helper-address
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: