Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
348
Views
0
Helpful
2
Replies

NAt - Dial-Up Problems

kcoshamerli
Level 1
Level 1

‎05-11-2005 05:33 AM - edited ‎03-02-2019 10:43 PM

Hi,

We are having problems with NAT and Dial-Up clients that need to connect to an application for data-synchronization. The application takes care of RADIUS-Authentication and DHCP-Allocation. The dial-up clients are all pre-programmed to connect to "192.168.1.1:9200". We are now trying to make this work in multiple countries without internation dial-up costs. For this we place a NAS-Router in the Satellite-Country that is connected to the Host-Country via a IPSec VPN-Tunnel. Unfortunately, the application only allows one NAS-Router per IP-Address and TCp-Port. Meaning we can only once have 192.168.1.1:9200 in the network. To work around this problem we want to use NAt on the Satellite-Country that translates the requests from the Dial-Up clients to "192.168.1.1:9200" into "192.168.1.11:9200". I have defined the Dialer-interface as IP NAT INSIDE and the VPN-Tunnel Interface as IP NAT outside. We have tried this using ping-commands with teh source-address of the Dialer-interface and we see the traaffic being NAT'ed and reaching the application. However, when we debug during the dian-up of the clients (IP-Address 192.168.129.10) this traffic is NOT NAT'ed and as a consequence the communication fails.

Any advice is greatly appreciated. I've been breaking my head over this one for 2 days now. read all documents on NAT and can not see where it is going wrong...

Thanks in advance,

Steven Hamerlinck

Labels:
Preview file
249 KB
0 Helpful
2 Replies 2

Not applicable

‎05-17-2005 11:23 AM

Apply the NAT inside command on the ethernet interface, this is because this is the interface where the packet enters the router.

Here the NAT is done and the packet is sent out with the NATted IP addresses.

0 Helpful

kcoshamerli
Level 1
Level 1
In response to

‎05-20-2005 12:29 AM

Hi,

I am trying to perform NAT'ting based on the source-address with mulitple NAT-zones at the same time. Below is the explanation.

NAT-1.

I should be able to connect form the "production-environment (138.249.X.X)" into the "private-environment(192.168.2.X)" for configuration and monitoring purposes.

NAT-2

All dialup clients need to reach 192.168.1.1 that has to be NAT'ted into 192.168.1.11 and routed via the PTP-link on FA 2/0. (This interface is to be replaced by a IPSec Virtual Tunnel interface later - IOS/mem upgrade required and ordered)

NAT-3

All clients connected to the 192.168.2.0 subnet should be able to reach 192.168.1.1 via the PTP-link (NO NATTING into the PTP-Link).

My idea was to use ROUTE-MAPS to determine the source-address and descriminate the traffic from the NAT-proces or not. However I am unsuccesfull at this.

I have attached the config (NAT1NAT2-OK.txt) in which I can make the NAT-1 and NAT-2 work, but then NAT-3 fails. If I remove the "IP NAt OUTSIDE" command on int FA 2/0 the NAt-3 process is not required any more, but then NAt 2 fails. So currently I am at a trade-off point and this unfortunately is unaccepetable.

I have also attached the config (ROUTE-MAP-NAT.txt) which is how I think it should be configured in order to get 3 NAT-processes working. I have trezid these and it does not work.

Can anyone help me out here pls.

Thanks in advance,

Steven H.

Preview file
4 KB
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card