NAT Question.

dave-oconnor
Level 1

I am trying to NAT on a 2621 router. Here is the scenario: I have several client subnets that currently access our servers via a routed solution. Now we have a new client that wishes to access our services but wants to do so using registered addresses. So our thinking is that we can use NAT to have this new customer connect to the registered address, which can be, let's say, a loopback address on the 2621 that can be the outside interface. All the users will be coming into this router using the same interface f0/0 and our server is located on f0/1.

- The client networks coming in on f0/0 are 172.1.1.0/24 and 172.2.3.0/24.

- The new client subnet is 192.2.2.0/24

- let's say the registered address is 66.43.44.33

- our servers are 172.168.0.1 and 172.168.0.2

We would like users to be able to connect to us using the registered address and a port combo, so that, let's say, 7821 connects to 172.168.0.1 and 7822 connects to the 172.168.0.1 server. Also I would like to still be able to route the other clients.

Any help you could give would be greatly appreciated

3 Replies

kelvin.harris
Level 1

From what you have described I don't think you need to use NAT but rather access lists.

An access-list on f0/1 specifying who has permission to get to it and another one on f0/0 specifying which subnets can "talk" to each other.

Josef Oduwo
Level 7

Dave,

I think you need both access lists (to define the source addresses which can be networks or subnets) as well as PAT or "overloaded" NAT (to go outside via your registered address).

Your outside interface, f0/1 would be 66.43.44.33. All your internal addresses (the servers) will be mapped onto this address. I am not sure though, that the subnets will be able to see the servers with a /24 mask.

PAT will attempt to preserve the original source port; if this source port is already allocated, PAT will attempt to find the first available port number from the appropriate port group 0-511, 512-1023 or 1024-65535. So you needn't worry about assigning a port number.

Here is more on how NAT works (http://www.cisco.com/warp/public/556/nat-cisco.shtml), configuring NAT http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml and configuring Access Lists (http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml).

Cheers,

Josef.

PS - Please rate the post if it helps!

Philip D'Ath
VIP Alumni

Can you put the new client on a separate interface, as a VLAN? Being able to put them on a separate interface makes things much easier. If so, then something like:

interface f0/0.1
 description existing clients using private ip
 encapsulation dot1Q 1
 ! no "ip nat" statement here, so these clients keep being routed as today
interface f0/0.100
 description new client wanting to use public ip
 encapsulation dot1Q 100
 ip nat outside
interface f0/1
 description servers
 ip nat inside
! one-to-one static NAT: every port of 66.43.44.33 is translated to 172.168.0.1
! (VLAN IDs 1 and 100 above are assumed to match the sub-interface numbers)
ip nat inside source static 172.168.0.1 66.43.44.33
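The thread stops at a one-to-one static mapping of a single server. The original question asked for two servers behind one registered address, selected by TCP port, plus the existing clients left routed as they are. The configuration below is an added example that is not part of any post in this thread; it builds on the VLAN split Philip suggests and adds static PAT entries and an inbound filter on the NAT outside interface. Assumed values, not from the question: the router's address toward the new client is 192.2.2.254/24, the router's address on the server segment is 172.168.0.254/24, the inside port is the same as the published port (the question says "7822 connects to the 172.168.0.1 server", which is read here as a typo for 172.168.0.2), and the ACL name NEW-CLIENT-IN is hypothetical. One caveat worth checking first: 172.1.1.0/24, 172.2.3.0/24, 172.168.0.0/24 and 192.2.2.0/24 are all outside the RFC 1918 private ranges (10/8, 172.16/12, 192.168/16), so if they are only stand-ins, substitute the real values before applying anything.

```cisco
! Added example config (not from the thread). Assumptions are marked inline.
!
interface FastEthernet0/0.1
 description existing clients, routed as today (no ip nat statement, so untouched)
 encapsulation dot1Q 1 native
 ! addressing and routes for 172.1.1.0/24 and 172.2.3.0/24 stay as they are now
!
interface FastEthernet0/0.100
 description new client that must use the registered address
 encapsulation dot1Q 100
 ip address 192.2.2.254 255.255.255.0        ! assumed router-side address
 ip access-group NEW-CLIENT-IN in
 ip nat outside
!
interface FastEthernet0/1
 description servers
 ip address 172.168.0.254 255.255.255.0      ! assumed router-side address
 ip nat inside
!
! Static PAT: only the two published TCP ports are translated. Traffic to any
! other port of 66.43.44.33 has no translation and is not forwarded, which is
! a tighter default than the one-to-one static NAT of a whole server.
! "extendable" is required when several static entries share one global address.
ip nat inside source static tcp 172.168.0.1 7821 66.43.44.33 7821 extendable
ip nat inside source static tcp 172.168.0.2 7822 66.43.44.33 7822 extendable
!
! Inbound ACL on the outside interface. On IOS the input access list is checked
! before the outside-to-inside translation, so it must match the registered
! (global) address and port, not the server's real address.
ip access-list extended NEW-CLIENT-IN
 permit tcp 192.2.2.0 0.0.0.255 host 66.43.44.33 eq 7821
 permit tcp 192.2.2.0 0.0.0.255 host 66.43.44.33 eq 7822
 deny   ip any any log
!
! The new client must route 66.43.44.33/32 toward 192.2.2.254. The router does
! not need 66.43.44.33 configured on a loopback for the static entries to work.
```

Two things to verify after applying it: `show ip nat translations` should list the two static entries before any client connects (static entries are installed immediately, dynamic ones only on first packet), and a `telnet 66.43.44.33 7823` from the new client should fail and show up as a logged deny on NEW-CLIENT-IN rather than reaching either server.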