inside src and outside dst NAT

dhyanesh
Level 1

Looking for help to set up the network below:

LANa---RTRa---Cloud---RTRb---RTRc---LANb

LANa: 10.1.8.128/27

RTRa: 10.1.8.130 (to LAN), 10.2.5.18 (to cloud)

RTRb: 172.32.4.35 (to cloud), 192.168.33.98 (to RTRc)

RTRc: 192.168.33.99 (to RTRb), 192.168.0.1 (to LANb)

LANb: 192.168.0.0/27

* All networks are /27

I want to be able to connect PCs on LANa to PCs on LANb using one-to-one NAT of both the source and destination addresses. Below is what I have done:

RTRa:

- ip nat inside source static 10.1.8.131 10.2.5.19

- ip nat outside source static 192.168.33.100 192.168.0.2

This is done so that the SRC address is from the range of the external IP allocation on RTRa and the DST address is from the range of the IP allocation on RTRc connecting to RTRb.

RTRb:

- ip nat inside source static 10.2.5.19 10.1.8.131

- ip nat outside source static 192.168.33.100 192.168.0.2

This is done so that the SRC and DST are converted back to what they initially were supposed to be (VPN-like scenario).

RTRc:

- Do not want any NAT here as I want to keep the other NAT transactions transparent to this router.

However, if I do not do NAT here, then on RTRb, the debug is showing me

"IP ARP throttled out ARP request for 192.168.33.100"

"Encapsulation failed s=10.2.5.19 d=192.168.33.100"

If I do the NAT, then PC on LANa is able to ping PC on LANb. The NAT done is:

- ip nat inside source 192.168.0.2 192.168.33.100

Are there any documents available to understand this kind of scenario? And why does this happen? Are there any other options available to achieve this scenario except using IPSec between RTRa and RTRc?

1 Reply

dhyanesh
Level 1

I managed to get this working myself with the following nat entries on the RTRb:

ip nat inside source static 192.168.0.2 192.168.33.100

ip nat outside source static 10.2.5.19 10.1.8.131

From what I understand, I need ip nat inside so that the packets coming to the inside interface (192.168.33.98) of RTRb are translated to 192.168.33.100 from 192.168.0.2. I need ip nat outside so that packets going towards the internal interface network are translated to 10.1.8.131.

Please let me know if my understanding of this is correct and why it is done that way. Is there any documentation on Cisco that explains in detail the NAT process?
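
The following is an added example, not part of either post: a small Python model of how IOS static NAT entries rewrite a packet on RTRb, run against the entries from the first post and from the reply. It assumes 192.168.33.98 is the `ip nat inside` interface and 172.32.4.35 the `ip nat outside` interface, as the reply describes; the class and function names are hypothetical, and reading the "Encapsulation failed" line as an unanswered ARP on the RTRb-RTRc link is an inference from the addressing.

```python
"""Model of Cisco IOS static NAT rewriting on RTRb (added example).

Assumption: RTRb's 192.168.33.98 interface is 'ip nat inside' and its
172.32.4.35 interface is 'ip nat outside', as the reply describes.
"""
from ipaddress import ip_address, ip_network

class StaticNat:
    def __init__(self, inside_source=(), outside_source=()):
        # ip nat inside source static <inside-local> <inside-global>
        self.in_l2g = dict(inside_source)
        self.in_g2l = {g: l for l, g in inside_source}
        # ip nat outside source static <outside-global> <outside-local>
        self.out_g2l = dict(outside_source)
        self.out_l2g = {l: g for g, l in outside_source}

    def outside_to_inside(self, src, dst):
        # src: outside global -> outside local; dst: inside global -> inside local
        return self.out_g2l.get(src, src), self.in_g2l.get(dst, dst)

    def inside_to_outside(self, src, dst):
        # src: inside local -> inside global; dst: outside local -> outside global
        return self.in_l2g.get(src, src), self.out_l2g.get(dst, dst)

# RTRb entries from the first post and from the reply.
FIRST_TRY = StaticNat(inside_source=[("10.2.5.19", "10.1.8.131")],
                      outside_source=[("192.168.33.100", "192.168.0.2")])
WORKING = StaticNat(inside_source=[("192.168.0.2", "192.168.33.100")],
                    outside_source=[("10.2.5.19", "10.1.8.131")])

RTRB_INSIDE_NET = ip_network("192.168.33.96/27")   # RTRb-RTRc link, /27
REAL_HOSTS_ON_LINK = {"192.168.33.98", "192.168.33.99"}

def needs_unanswered_arp(dst):
    """True if dst is on the connected link but no device owns it."""
    return ip_address(dst) in RTRB_INSIDE_NET and dst not in REAL_HOSTS_ON_LINK

# Packet as it reaches RTRb from the cloud, after RTRa's translation.
ARRIVING = ("10.2.5.19", "192.168.33.100")

if __name__ == "__main__":
    for name, nat in (("first try", FIRST_TRY), ("working", WORKING)):
        src, dst = nat.outside_to_inside(*ARRIVING)
        print(f"{name}: s={src} d={dst} unanswered ARP={needs_unanswered_arp(dst)}")
    print("reply path:", WORKING.inside_to_outside("192.168.0.2", "10.1.8.131"))
```

With the first post's entries the packet leaves translation unchanged (s=10.2.5.19 d=192.168.33.100, the pair in the debug line), because neither entry matches in the outside-to-inside direction; with the reply's entries both addresses are restored and the return packet is rewritten to the pair RTRa expects.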