
puzzled with NAT

bobababurko
Level 1

OK, I have a 2514 (two AUI/eth, one serial) that is connected to a CSU/DSU that is serviced with a full T1. I have two subnets routed to my router (a /24 and a /28) via the serial link, so the serial port on my router is 12.127.253.xxx, which is the network between me and my ISP. So that IP has to be on the router interface, S0. What I want to do is somehow configure my router to implement static NAT for each of the two subnets, /24 and /28, on their respective interfaces, eth0 and eth1.

I am not sure how to go about what seems like squeezing in the public subnets, as I know that I will have to assign the internal interfaces, eth0 and eth1, private NAT addresses (something like 192.168.10.1/24 and 192.168.11.1/28) as the gateways to my private networks.

So, I am hoping that I have explained what I want sufficiently. I really do not know if I can somehow use subinterfaces? to implement this...if so how and what interface would I do it on. I am not even sure I can do what I want here.

Any help would be appreciated.

puzzled,

Bob

5 Replies

Hello Bob,

unless you have been assigned numerous public IP addresses from your 12.127.253.xxx from your provider, you cannot do static NAT. Your only option is to use PAT, or overloading. Your config would look like this (the IP addresses are assumed, you might be using different ones):

interface Ethernet0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 12.127.253.1 255.255.255.252
!
ip nat inside source list 1 interface serial0 overload
!
access-list 1 permit 192.168.10.0 0.0.1.255

I guess this does not help much if you need static assignments. But usually you do not have a lot of public IP addresses available.

If you do have other public IP address available, you would enter statements like this:

ip nat inside source static 192.168.10.2 12.127.253.3

HTH,

Georg

www.solutionfinders.nl

bobababurko
Level 1

I'm sorry, I should have been more detailed in my explanation. I have two networks that are routed through the T1, namely a /24 and a /28, which are 12.183.xxx.xxx and 12.45.xxx.xxx. Not to be confused with the network that is between my router and the ISP's router, of which 12.127.xxx.xxx is on the serial interface of my router. Right now I do not have NAT implemented and the gateways of each network (12.183.xxx.1, 12.45.xxx.1) are assigned to eth0 and eth1, respectively.

I hope this better explains my network. TIA

if I understand correctly, u have 2 ethernet segments with 12.183.xxx.xxx and 12.45.xxx.xxx, and u don't want to use these subnets inside anymore; instead u want to use private segments (192.168.10.x and 192.168.11.x) on the inside ethernets but to nat them to 12.183.xxx.xxx and 12.45.xxx.xxx when going outside... right?

if so ;

ip nat pool pool1 12.183.xxx.1 12.183.xxx.254 netmask 255.255.255.0
ip nat pool pool2 12.45.xxx.xxx 12.45.xxx.xxx netmask 255.255.255.240
!
interface Ethernet0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 12.127.253.1 255.255.255.252
!
ip nat inside source list 1 pool pool1
ip nat inside source list 2 pool pool2
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 192.168.11.0 0.0.0.255

hope this helps

Yes indeed, you are correct in interpreting my cryptic explanation, and my apologies for that. The only thing different is that I am interested in using static NAT. So it seems that things are a bit easier than I imagined. Some questions that I have are:

i.) Will I simply use the ip nat inside source static command and do away with the access list and ip nat pool commands to implement this?

ii.) What will my default gateway be?

iii.) I noticed that there is no ip nat outside command assigned to anything.

I guess I was thrown off thinking that the network or IP that I wanted translated going out to the internet needed an interface to be assigned to. By your example above, that is not the case.

thanks for the response,

Bob

Hi Bob,

i) if you want your nat translations always same, I mean;

192.168.10.x segment always be translated to 12.183.xxx.xxx and,

192.168.11.x segment always be translated to 12.45.xxx.xxx

then you have to use nat with 2 different access-list (which I posted before)

but if you don't mind about how translation occurs, then you can create a big pool which includes both 12.183.xxx.xxx and 12.45.xxx.xxx, and then you can do nat with this one pool. for example;

Router(config)#ip nat pool pool1 prefix-length 24
Router(config-ipnat-pool)#address 12.183.xxx.1 12.183.xxx.254
Router(config-ipnat-pool)#address 12.45.xxx.1 12.45.xxx.254

access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
ip nat inside source list 1 pool pool1

ii) your default gateway will still be your ISPs address(12.127.253.2), like before.

iii) yep, sorry I forgot it. you are right, you have to write "ip nat outside" under Serial0.

hope it's more clear for you.

regards

Nihal
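
The thread ends without showing the static form Bob asked about. As an added example (not posted by any participant), this is one way to express it with the `static network` variant of `ip nat inside source`, assuming an IOS release that supports it. The global prefixes 203.0.113.0/24 and 198.51.100.16/28 are constructed placeholders for the masked 12.183.xxx.xxx/24 and 12.45.xxx.xxx/28 blocks; the Serial0 address is the assumed value from the replies above, and the next hop is the ISP address given in the last reply.

```cisco
! Added example: static one-to-one NAT for both routed blocks.
! 203.0.113.0/24 and 198.51.100.16/28 are placeholders for the masked
! public blocks; substitute the real prefixes.
interface Ethernet0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 192.168.11.1 255.255.255.240
 ip nat inside
!
interface Serial0
 ip address 12.127.253.1 255.255.255.252
 ip nat outside
!
! Host bits are preserved by the network form:
!   192.168.10.25 <-> 203.0.113.25
!   192.168.11.5  <-> 198.51.100.21
ip nat inside source static network 192.168.10.0 203.0.113.0 /24
ip nat inside source static network 192.168.11.0 198.51.100.16 /28
!
! The public blocks need no interface of their own; the ISP already
! routes them to Serial0 and NAT answers for them.
ip route 0.0.0.0 0.0.0.0 12.127.253.2
```

Static entries are permanent and work in both directions, so every inside host stays reachable from the Internet at its global address; an inbound access list on Serial0 is evaluated before translation and therefore has to match the global addresses. `show ip nat translations` lists the resulting mappings.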