We have just set up a VPN (well almost) between my office in the UK and our US office. We need to connect to resources on the US side from the UK.
The US team have provided the equipment to do this, problem is we have a few networks our side that are the same IP range as the US so we wondered if we could NAT the UK traffic to a range that none of us have? Here is the setup:
2 external IPs: 1 connects to a firewall's outside port, the other to another firewall's outside port (we have 2 firewalls for redundancy). The inside ports of the firewalls connect to a 1811 router (Fast Ethernet 2 and 3). The 1811 router's Fast Ethernet 1 port connects to our LAN and has an IP of 192.168.17.1. We route the UK traffic that needs the US resources to 192.168.17.1.
Can we NAT all our traffic that passes through the LAN port on the 1811 to an IP NAT pool so the US see our traffic as one range? I assume it would have to be the range of the 1811 LAN port (192.168.17.0/24)?
That way the US only see us from one range that doesn't clash with their subnets.
Thanks, but I don't have any control over the 1811 config. I will need to email the US the possibility that we can NAT our UK traffic. Could you just paste the bit I need to change and I will email it to them? This is all new to me.
If they are not prepared to change their config, could I use my spare 1841 Cisco router and put it between the 1811 and our LAN so the inside is our LAN and the outside is the 1811?
Both sides need the NAT config. At the US side, you can NAT 192.168.17.0/24 to 192.168.117.0/24 with the following commands:
At the ingress interface
ip nat inside
At the egress interface
ip nat outside
The nat command
ip nat inside source static network 192.168.17.0 192.168.117.0 /24 no-alias
You will need to do the same in the UK, you can use 192.168.217.0/24
Replace all instances of 192.168.117.0/24 with 192.168.217.0 from the above config.
You need routes (either dynamic or static) pointing to those networks. From the US, you need a route to 192.168.217.0/24 pointing to the UK, and from the UK you need a route to 192.168.117.0/24 pointing to the US.
Keep in mind, to the US the 17.0 network at the UK is now 192.168.217.0/24 and cannot be referenced as 192.168.17.0. The same idea lies behind devices being referenced from the UK to the US.
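An added example, not part of the original reply: a Python sketch of the 1:1 prefix swap that a static network NAT mapping like the one above performs, plus a pre-check that the chosen translated ranges do not overlap any subnet already in use. The function names and the subnet inventory are constructed for illustration; only the 192.168.17.0/24, 192.168.117.0/24 and 192.168.217.0/24 ranges come from the thread.

```python
import ipaddress

def translate(addr, local_net, global_net):
    """1:1 static network NAT: swap the network prefix, keep the host bits."""
    ip = ipaddress.ip_address(addr)
    local = ipaddress.ip_network(local_net)
    glob = ipaddress.ip_network(global_net)
    if local.prefixlen != glob.prefixlen:
        raise ValueError("static network NAT needs equal prefix lengths")
    if ip not in local:
        return str(ip)  # outside the mapped range: left untranslated
    host_bits = int(ip) & int(local.hostmask)
    return str(ipaddress.ip_address(int(glob.network_address) | host_bits))

def find_clashes(nat_ranges, subnets_in_use):
    """Return (nat_range, subnet) pairs that overlap; any hit rules the range out."""
    clashes = []
    for nat in nat_ranges:
        for sub in subnets_in_use:
            if ipaddress.ip_network(nat).overlaps(ipaddress.ip_network(sub)):
                clashes.append((nat, sub))
    return clashes

# Ranges taken from the thread.
UK_LOCAL, UK_GLOBAL = "192.168.17.0/24", "192.168.217.0/24"
US_GLOBAL = "192.168.117.0/24"

# Constructed inventory of subnets already used at either site (assumption).
# The /23 is included to show a clash that is easy to miss by eye.
SUBNETS_IN_USE = [
    "192.168.17.0/24",
    "192.168.1.0/24",
    "10.10.0.0/16",
    "192.168.216.0/23",
]

if __name__ == "__main__":
    # How the remote site sees a UK host, and how a reply maps back.
    seen = translate("192.168.17.25", UK_LOCAL, UK_GLOBAL)
    print("UK host as seen remotely:", seen)
    print("Reply maps back to:", translate(seen, UK_GLOBAL, UK_LOCAL))
    for nat, sub in find_clashes([UK_GLOBAL, US_GLOBAL], SUBNETS_IN_USE):
        print("Pick another range:", nat, "overlaps", sub)
```

Run the overlap check against the real subnet lists from both offices before agreeing on the translated ranges, since the routes on each side will point at them.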
Hi Jon, sorry I could locate my other post via my BlackBerry.
It really is that simple. We really don't want our networks to clash, so we just want to NAT all the UK traffic on the UK 1811 that also builds the tunnel from the UK to the US.
The 1811 just connects to our UK LAN, so anything through the LAN port to the US can use an IP NAT pool, so the US will only see one range from the UK.
I have another idea, as the US team control the 1811. I have a spare 1841 router. Can I somehow put the inside port of the 1811 into the 1841 and then the inside of the 1841 into our LAN and get this to do all the NATs? Then the US can leave their router and this other router can just do the NAT?
If the US are reluctant to change anything on their 1811 router, is it possible to put the inside LAN port from that into the outside of my spare 1841 then put the 1841 into our LAN to do the NAT? Is this config ok for this scenario?
Current configuration : 1684 bytes
! Last configuration change at 14:31:17 London Mon Aug 6 2007
! NVRAM config last updated at 14:31:18 London Mon Aug 6 2007
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 51200 warnings
no aaa new-model
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00