
Nat address routing

wenqiz1989
Level 1

I have a little difficulty with configuring NAT pool routing. I have 4 consecutive public addresses assigned to me. I used two on each end of a site-to-site connection; both are routers. There are two more public IPs left to be used for the NAT pool. In my EIGRP routing, I advertise the point-to-point network on both sides of the routers. When I ping from one end host to another host in the other network, the packet was dropped by the routers. Are there any extra steps I need to configure in the routing to let the routers know where the packet should be sent?

Here is my sho run

Router1

!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.252
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/3/0
 ip address 200.0.1.1 255.255.255.252
 ip nat outside
 clock rate 2000000
!
interface Serial0/3/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 network 172.16.1.0 0.0.0.3
 network 200.0.1.0
 auto-summary
!
ip nat pool mypool 200.0.1.3 200.0.1.4 netmask 255.255.255.248
ip nat inside source list 100 pool mypool overload
ip classless
!
!
access-list 100 permit ip 172.16.10.0 0.0.0.255 any
access-list 100 permit ip 172.16.20.0 0.0.0.255 any
access-list 100 permit ip 172.16.30.0 0.0.0.255 any
!

Router2:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 200.0.1.2 255.255.255.252
!
interface Serial3/0
 no ip address
 clock rate 2000000
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
router eigrp 1
 network 192.168.1.0
 network 200.0.1.0
 auto-summary
!
ip classless
!

Thanks in advance!

6 Replies

Jan Hrnko
Level 4

Hi Grace,

there is actually one problem.

"In my EIGRP routing, I advertise the point-to-point network on both sides of the routers."

Yes, you do. But that is only prefix 200.0.1.0 with mask of /30, where:

200.0.1.3 is broadcast address

200.0.1.4 is not even there!

R2 simply does not know:

  • that 200.0.1.3 is host.
  • route back to 200.0.1.4

if you execute the command:

R2#show ip route 200.0.1.4

% Subnet not in table

So, there is a solution, but let me ask you first - were you assigned only these IP addresses of 200.0.1.1 - 4 or some whole subnet? Like 200.0.1.0 /29? I think that 200.0.1.0 should also be in your possession - as the network address. If that is the case, I can show you one trick...

But right now, I have two solutions for you:

  1. Your serial links addressing scheme needs to be redesigned in some way. If you provide me with more information, I would gladly help you with that.
  2. Or we can keep it like this, and use only 200.0.1.4 for NAT translation. Then, you need to advertise 200.0.1.4 to R2 so it will know how to route back to it. This can be done in two ways.
      • Create a static route on R2:
        • R2(config)#ip route 200.0.1.4 255.255.255.255 serial 2/0 200.0.1.1
      • Create loopback on R1 and advertise it through EIGRP to R2:
        • R1(config)#int lo0
        • R1(config-if)#ip address 200.0.1.4 255.255.255.255
        • R1(config-if)#router eigrp 1
        • R1(config-router)#network 200.0.1.4

Let me know how you decide.

Best regards,

Jan
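An added example, not part of the original thread: a small Python check of the point made in the answer above, classifying each NAT pool address against the prefixes the neighbouring router has routes for. The function name `audit_nat_pool` and the `R2_ROUTES` list are assumptions built from the posted Router2 config (its two connected networks).

```python
import ipaddress


def audit_nat_pool(pool_start, pool_end, peer_routes):
    """Classify each NAT pool address as the neighbouring router sees it.

    peer_routes is the list of prefixes in the neighbour's routing table.
    """
    routes = [ipaddress.ip_network(r) for r in peer_routes]
    addr = ipaddress.ip_address(pool_start)
    last = ipaddress.ip_address(pool_end)
    report = {}
    while addr <= last:
        covering = [n for n in routes if addr in n]
        if not covering:
            # Return traffic to this translated address has nowhere to go.
            report[str(addr)] = "no route"
        else:
            # Longest-prefix match, as the router's forwarding lookup does.
            net = max(covering, key=lambda n: n.prefixlen)
            # /31 and /32 have no network or broadcast address to collide with.
            if net.prefixlen < 31 and addr == net.broadcast_address:
                report[str(addr)] = f"broadcast of {net}"
            elif net.prefixlen < 31 and addr == net.network_address:
                report[str(addr)] = f"network address of {net}"
            else:
                report[str(addr)] = f"routable via {net}"
        addr += 1
    return report


# Constructed from the posted Router2 config: its two connected networks.
R2_ROUTES = ["200.0.1.0/30", "192.168.1.0/24"]

if __name__ == "__main__":
    # Pool as posted: .3 is the /30 broadcast, .4 has no route on R2.
    print(audit_nat_pool("200.0.1.3", "200.0.1.4", R2_ROUTES))
    # After adding the /32 host route for 200.0.1.4 on R2.
    print(audit_nat_pool("200.0.1.3", "200.0.1.4", R2_ROUTES + ["200.0.1.4/32"]))
```

Running the same check before deploying a NAT pool shows which translated addresses the far side can actually return traffic to.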

Hi! Jan:

Thank you so much for your help! I am going to change the NAT design. I will not use a NAT pool, but use interface overload. That will solve the routing problem. Since I need to let people have access to resources in the private network from the public internet, I might as well save the public IPs for later.

Now I have more questions: how do I map my internal servers, which were assigned a private IP, to the outside world? Static NAT? If I use /32 for my point-to-point network, I already wasted 200.0.1.3, which I cannot use anymore.

Thanks again!

Grace

Hi Grace!

You're welcome!

Just to not make any hasty decisions - I would like to know if you have the 200.0.1.0 address in your possession as well (you should have, as it is now the network address of the link between R1-R2, but you mentioned that you have only addresses 200.0.1.1 through 200.0.1.4). In that case, there is a little trick that could be used on point-to-point interfaces. You can actually use a /31 mask instead of /30 (thus not wasting any address for network address and broadcast address). Please tell me precisely what range of addresses the ISP has given you.

Also, what do you use R2 for? I am wondering why there is a public IP on the interface between R1 and R2. Is R2 your connection point towards the ISP?

As for the internal servers - we should first redesign the IP addressing/NAT scheme and then do this. But yes, you will need static NAT.

For example: R1(config)#ip nat inside source static YOUR_PRIVATE_ADDRESS 200.0.1.4

How many internal servers do you have? If we would make use of a /31 mask, then you could use 3 IP addresses 200.0.1.2-4 for server assignment.

Best regards,

Jan

Hi! Jan:

Yes, I have public IPs from 200.0.1.0 to 200.0.1.4. I have one HQ and three branch offices to set up. RT1 is HQ and RT2 is Branch1, and two more to go. I want to make one link work, then copy that over to the other two.

I have two servers in HQ, one outward facing and one inward facing; I may need more inward servers later, now it is only two.

I want to connect each branch to HQ through VPN; each branch has its internet access. Now each office has less than 20 hosts, for now. All users want to have access from all offices and from home as well.

This is the basic big picture. I just do not want to waste any public IP I have now. If I need more, I can ask for more. I would like to keep the cost down as much as I can.

Do I have enough public IPs? What should I do?

Thanks again!

Grace

Hi Grace,

that's wonderful. So you could use /31 masks on point-to-point interfaces. Like this:

R1
interface Serial0/3/0
 ip address 200.0.1.0 255.255.255.254

R2
interface Serial2/0
 ip address 200.0.1.1 255.255.255.254

That way, you used just 2 addresses instead of 4.

"Yes, I have public IPs from 200.0.1.0 to 200.0.1.4. I have one HQ and three branch offices to set up. RT1 is HQ and RT2 is Branch1, and two more to go. I want to make one link work, then copy that over to the other two."

So, you basically need 4 more addresses just to interconnect R1 and R3, R4 when using /31 mask, right?

"I have two servers in HQ, one outward facing and one inward facing; I may need more inward servers later, now it is only two."

I'm sorry, but what do you mean by outward/inward facing? Inward facing, like private for your company, and outward facing, like connected to the internet?

"Do I have enough public IPs? What should I do?"

Right now, it seems like you don't have that many - if you want to make all those connections to branches via public addresses.

R1-R2
R1-R3
R1-R4
= 6 IP addresses

Let me know if I understand this correctly, please. Maybe you think something else, but this is the picture that I got.

Best regards,

Jan

Hi! Jan:

Thanks a lot. I need to think this through. I need to get more public IPs first.

Grace
