Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT in same subnet using 1811 router

Hi

Does Cisco has something that help translate 10.32.10.10 to 10.32.10.20 ?I have a requirement here where the destination for 1811 router is 10.32.10.10 (This is the host on the otherside of vpn tunnel).I want to translate this 10.32.10.10 to 10.32.10.20 so that I can hardcode this ip in a home grown application.Somebody told me that NVI will help do this but I do not see this happening

6 REPLIES
Cisco Employee

Re: NAT in same subnet using 1811 router

Hello,

Regarding the NVI, you can do it as follows:

interface XYZ

ip nat enable

no ip redirect

ip nat source static 10.32.10.10 10.32.10.20

I assume that the 10.32.10.10 is on the 'internal' side while the 10.32.10.20 is on the 'external' side. Pay attention that the "ip nat" command does not have the word "inside" in it - that's normal and it's the way it should be.

Best regards,

Peter

New Member

Re: NAT in same subnet using 1811 router

10.32.10.10 is the interesting traffic and is the destination for my router.

New Member

Re: NAT in same subnet using 1811 router

inside =172.17.10.10

outside=209.167.x.x

Cisco Employee

Re: NAT in same subnet using 1811 router

Hi,

I'm somewhat confused - you have introduced yet another addresses here. Please try to explain this on an example of a packet flow that undergoes the NAT procedure you want to implement.

Best regards,

Peter

New Member

Re: NAT in same subnet using 1811 router

I have LAN to LAN tunnel on 1811

inside =172.17.10.10

outside=209.167.x.x

source=172.17.10.5

Destination=10.32.10.10 --this is on the other side of the tunnel.I want to NAT this ip to 10.32.10.20 and this should be reachable from my source 172.17.10.5

Cisco Employee

Re: NAT in same subnet using 1811 router

Hello,

I still do not completely understand the addressing issues. I assume that you have an IPsec tunnel and it is configured using crypto maps, no Tunnel interfaces are used. Is that correct? Moreover, your LAN uses the space 172.17.10.0/24 while the remote LAN uses 10.32.10.0/24, is that correct?

But another thing has come to my mind: If you just want some IP to be reachable under a different IP, why don't you define a secondary IP address?

interface XYZ

ip address 10.32.10.10 255.255.255.0

ip address 10.32.10.20 255.255.255.0 secondary

Best regards,

Peter

156
Views
0
Helpful
6
Replies