02-17-2023 01:37 PM
Dear community members,
I need to ask about a way to do something that usually doesn't happen. Assume I have a device whose IP address is statically set to, e.g., 192.178.20.6. In production use, only one such device is needed. For testing purposes, I have to run several of those devices at the same time. And now the problems come in. I'm NOT ABLE to change any hardware settings of the devices, including the static IP address they are listening on, as mentioned above.
So my question is basically: what is the best possible way (if one exists) with a Cisco router or switch to translate the IP address, based on the connected port (or maybe the MAC address), so that I can access the devices from outside via different IP addresses (e.g. .20.7, .20.8, ...)? Is there any casting method to translate the address?
Thank you for your help!
02-20-2023 02:18 PM
"But how can I configure that. There should be a possibility by the IOS..."
Possible? Maybe, maybe not. The problem is, your leftmost, .6, PCs cannot be directly physically accessible within the same L3 domain.
At the moment, I'm researching/reading Cisco documentation on the many additional features of NAT I've rarely or never used, such as double/twice NAT, NAT with VRFs, ip nat inside/outside with source option, etc.
02-20-2023 02:55 PM
From what I've just been reading, VRFs with NAT (not PAT), bears trying. There are NAT restrictions when working with VRFs (including differences between VRF<>VRF and VRF<>global), unclear if those make such an approach impractical. Might also eliminate the need for using PBR (that I had in mind).
(BTW, one reason I had mentioned possibly using a switch and router, most small routers have a very limited port count, if you wanted more than just a few test PCs on-line, concurrently, having a VRF switch, pass traffic on a single router port, might be an option.)
Unfortunately, for "lab" purposes, I only have a copy of PT, and (not unexpectedly) it doesn't support VRFs (and limited NAT features). So, I'm unable to experiment to see if I could provide a working model.
02-21-2023 07:35 AM
BTW, forgot to mention, I'm unsure whether something like NAT can be done between hosts on the same network (i.e. admin .2 and target PC, .6, /24?).
If not, assuming NAT can be used, as desired, should be simple to have admin and test PCs appear in different networks (or move admin to another network).
An unasked question is whether the .6 PCs have a gateway address.
02-20-2023 12:39 PM
If you mean that PC1 and PC2 represent an R/SW in a real network and you want to access it, then check the solution above.
If you mean that PC1 and PC2 really are PCs, then there is no such case in a real network.
If you mean that PC1 and PC2 are servers, then you must first know which UDP/TCP port is used by these servers, and again use the solution I mentioned above for this case.
02-20-2023 12:45 PM
PC1 and PC2 are real computers. I guess from the solution above and from the other community post, I'm only able to do that:
02-20-2023 12:51 PM
That's not what I meant.
Let me explain.
We can forward the traffic coming from outside to inside toward two different PCs via two
Using one public IP for each PC, but here you mention that you use the same public IP, so how can the NATing router know that this traffic must be forwarded to PC1 and that traffic must be forwarded to PC2??
We need something else to do this classification; here comes the idea of the port.
That's why I mentioned before that the PC is a server, because a server uses a specific port.
Now,
if traffic comes to the NATing router with a specific port, the router can know that this traffic must be forwarded to PC1 or PC2.
This needs static PAT.
02-22-2023 03:13 PM
BTW, just came across another "old" posting, with a recent entry referencing a recent thread, that seems very similar to this issue, responded to by @MHM Cisco World, i.e. multiple-global-to-vrf-nat.
Had not noticed this later reference when it was posted, but it seems similar to the goal this thread's OP is trying to accomplish.
What's described, and what MHM proposed, appears similar to what I had in mind.
02-20-2023 01:41 PM - edited 02-20-2023 01:58 PM
Yea, that's what I initially had in mind, i.e. routers 1 and 2 doing NAT for PCs 1 and 2 (actually, the number of NAT routers needed is the number of target [left ones, in diagram] PCs less one).
However, more on my other idea as a reply to your prior posting.
02-23-2023 04:44 PM
Well, been reading up on mixing VRFs and NAT - have come up with a simple configuration that may work, or perhaps might be close to what you might need.
Remember, I don't have any way to test this config, so the following is a very big "may work". I assume you can change the IP of your admin PC, i.e. only the .6 PC cannot be changed. Don't know what your gateway IP is for your .6, assumed .1; if no gateway, perhaps the following would work using interface ARP proxy. The following only supports three .6 PCs, but it should be obvious what to add for additional .6 PCs.
! One VRF per test device; the names must match the references below
ip vrf vhost07
ip vrf vhost08
ip vrf vhost09
!
! Outside (admin-facing) interface, in the global routing table
interface e0
 ip address 192.168.10.1 255.255.255.0
 ip nat outside
!
! One inside interface per test device, each in its own VRF
interface e1
 ip vrf forwarding vhost07
 ip address 192.168.20.6 255.255.255.0
 ip nat inside
interface e2
 ip vrf forwarding vhost08
 ip address 192.168.20.6 255.255.255.0
 ip nat inside
interface e3
 ip vrf forwarding vhost09
 ip address 192.168.20.6 255.255.255.0
 ip nat inside
!
! Static NAT: the same inside address maps to a different address per VRF
ip nat inside source static 192.168.20.6 192.168.20.7 vrf vhost07
ip nat inside source static 192.168.20.6 192.168.20.8 vrf vhost08
ip nat inside source static 192.168.20.6 192.168.20.9 vrf vhost09
!
! Default route out of each VRF via the global table
ip route vrf vhost07 0.0.0.0 0.0.0.0 e0 192.168.10.2 global
ip route vrf vhost08 0.0.0.0 0.0.0.0 e0 192.168.10.2 global
ip route vrf vhost09 0.0.0.0 0.0.0.0 e0 192.168.10.2 global
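A small pre-deployment check for a configuration of this shape, added here as an example (it is not part of the original post): it flags VRF names that are referenced but never declared, a translated address assigned to more than one VRF, and VRF interfaces missing "ip nat inside". The function name `lint` and the sample configuration are constructed for illustration, and the parser only understands the statement forms used in the post above.

```python
import re

# Constructed sample modelled on the layout in the post above, with three
# deliberate mistakes: vhost09 is never declared, 192.168.20.8 is assigned
# twice, and e3 is missing "ip nat inside".
SAMPLE = """\
ip vrf vhost07
ip vrf vhost08
interface e1
 ip vrf forwarding vhost07
 ip nat inside
interface e2
 ip vrf forwarding vhost08
 ip nat inside
interface e3
 ip vrf forwarding vhost09
ip nat inside source static 192.168.20.6 192.168.20.8 vrf vhost07
ip nat inside source static 192.168.20.6 192.168.20.8 vrf vhost08
ip nat inside source static 192.168.20.6 192.168.20.9 vrf vhost09
"""
NAT_RE = r"ip nat inside source static (\S+) (\S+) vrf (\S+)"

def lint(config):
    """Return sorted findings for a per-VRF static NAT configuration."""
    declared, used, globals_seen = set(), set(), {}
    iface, iface_vrf, nat_inside, findings = None, {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            declared.add(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"ip vrf forwarding (\S+)", line):
            iface_vrf[iface] = m.group(1)
            used.add(m.group(1))
        elif line == "ip nat inside":
            nat_inside.add(iface)
        elif m := re.fullmatch(NAT_RE, line):
            _local, glob, vrf = m.groups()
            used.add(vrf)
            # One translated address can only map back to one VRF's host.
            if globals_seen.setdefault(glob, vrf) != vrf:
                findings.add(f"global {glob} reused by {globals_seen[glob]} and {vrf}")
    findings |= {f"vrf {v} used but not declared" for v in used - declared}
    findings |= {f"interface {i} in vrf {v} lacks 'ip nat inside'"
                 for i, v in iface_vrf.items() if i not in nat_inside}
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```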