
NAT this NAT that

r.starke
Level 1

OK, here's the problem: I have five devices that need to send data to a DB server in my NOC. I also need to send data to these devices from my NOC. I have a Cisco router on the remote LAN side and the Check Point firewall on the NOC side. The Cisco router connects to the Internet via a frame relay circuit on a 30-bit network. Everything behind the router is NATed. At the NOC I have a 26-bit network and we are using NAT here also. How do I get this to work?

Remote LAN            Remote WAN
192.168.100.0/29      208.56.72.243/30

NOC LAN               NOC WAN
208.56.72.243/30      221.43.71.248/29

Host Devices          DB Server
192.168.100.1:20052   10.10.100.100:20052
192.168.100.2:20052
192.168.100.3:20052
192.168.100.4:20052
192.168.100.5:20052

Did I mention that everything needs to talk to port 20052?

2 Replies

Gilles Dufour
Cisco Employee

You need one static NAT entry for the server at the NOC.

That's no problem with your amount of addresses.

For the remote site, if you need to access them from the NOC, you also need a static NAT entry, which is not possible because you don't have enough addresses.

You could use a static PAT entry (one TCP port is dedicated to one device, i.e. port 80 is dedicated to device X, and ports 21/20 to device Y).

If this does not solve your problem, you might need an IPsec tunnel between your two sites and just not use NAT for internal traffic.

daipayan_b
Level 1

Hi,

You must have a static valid IP address for the DB server at the NOC (that's 10.10.100.100), then your packet translations should happen this way:

source: 192.168.100.1 -> NATed source: 208.56.72.243 -> FR / Internet -> destined for the valid IP for 10.10.100.100 (NATed at the NOC router) -> reaches the DB server.

In this scenario both routers would be maintaining NAT tables which include layer 4 information as well.

You have to ensure that the Check Point rule base allows the traffic to and fro.

It would work.
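The remote-router side of what the two replies above describe (PAT overload for the devices' outbound sessions, plus one static PAT entry per device on a distinct outside port so the NOC can reach each of them through the single public address), written out as an added example; this is not configuration from the thread or from Cisco, and it makes several assumptions not on the page: the inside interface is FastEthernet0/0 with the router at 192.168.100.6, the frame relay uplink is Serial0/0, the device protocol is TCP, and the RFC 5737 documentation addresses 203.0.113.2 (router WAN address) and 198.51.100.0/24 (NOC public range) stand in for the real ones. The Check Point side (the static NAT for 10.10.100.100 and the rule base) is not shown.

```cisco
! Added example, not from the thread. Remote-site Cisco IOS NAT config.
! Assumptions (not on the page): inside interface FastEthernet0/0 with the
! router at 192.168.100.6, WAN interface Serial0/0, TCP transport, and the
! RFC 5737 documentation addresses 203.0.113.2 (router WAN address) and
! 198.51.100.0/24 (NOC public range) in place of the real ones.
!
interface FastEthernet0/0
 description Remote LAN 192.168.100.0/29
 ip address 192.168.100.6 255.255.255.248
 ip nat inside
!
interface Serial0/0
 description Frame relay uplink, single public address
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group WAN-IN in
!
! Outbound (devices -> DB server): ordinary PAT (overload). The router
! rewrites each device's source port per session, so all five devices can
! talk to the DB server's public address on port 20052 at the same time.
access-list 10 permit 192.168.100.0 0.0.0.7
ip nat inside source list 10 interface Serial0/0 overload
!
! Inbound (NOC -> devices): with only one public address, each device gets
! its own outside port (static PAT). The NOC connects to
! 203.0.113.2:20052 through 203.0.113.2:20056 and the router forwards each
! to the matching device on its real port 20052.
ip nat inside source static tcp 192.168.100.1 20052 203.0.113.2 20052 extendable
ip nat inside source static tcp 192.168.100.2 20052 203.0.113.2 20053 extendable
ip nat inside source static tcp 192.168.100.3 20052 203.0.113.2 20054 extendable
ip nat inside source static tcp 192.168.100.4 20052 203.0.113.2 20055 extendable
ip nat inside source static tcp 192.168.100.5 20052 203.0.113.2 20056 extendable
!
! The static entries expose the devices to the whole Internet unless the
! WAN interface filters. The inbound ACL is evaluated before the
! outside-to-inside translation, so it matches on the public address.
ip access-list extended WAN-IN
 permit tcp 198.51.100.0 0.0.0.255 host 203.0.113.2 range 20052 20056
 permit tcp any any established
 deny   ip any any log
```

The NOC side then needs a static NAT for 10.10.100.100 on the Check Point and rules permitting TCP 20052 in from 203.0.113.2 and out to 203.0.113.2 ports 20052 through 20056. The `established` line is a coarse substitute for stateful inspection (it only checks the ACK/RST bits); if the IOS image supports reflexive ACLs or CBAC, use those for the return traffic instead. If the devices cannot be pointed at a per-device port on the NOC side, the IPsec tunnel Gilles suggests, with the 192.168.100.0/29 subnet excluded from NAT, avoids the port juggling altogether.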
