Another NAT on a Stick ...

OliverDarvall · ‎05-08-2013

We have obtained a VOIP service from a service provider for external calls in our company (we already have internal VOIP). They have setup the service and now I just need to get our VOIP server to talk to them. They require that our VOIP server's IP address be set to 192.168.244.250 (their gateway is .10).

So I thought of doing the following. Add a seconday IP to my Main Router of 192.168.244.250 and then just NAT everything through to the VOIP server.

Simple. I thought ... Of course I can't get the natting to work. Please check the following and assist !

Switch (can ping 192.168.1.80 and 192.168.244.250) :

interface Vlan1

ip address 192.168.1.1 255.255.0.0

Main Router:

interface Loopback0

no ip address

ip nat outside

interface GigabitEthernet0/0

ip address 192.168.244.250 255.255.255.0 secondary

ip address 192.168.1.80 255.255.255.0

no ip redirects

ip nat inside

ip virtual-reassembly in

ip policy route-map VOIP_NAT

route-map VOIP_NAT permit 10

match ip address 103

set interface Loopback0

access-list 103 permit ip any host 192.168.244.250

ip nat source static 192.168.1.15 192.168.244.250 extendable no-alias

(The VOIP server btw can not be set to 192.168.244.250 as their are too many VOIP devices on the LAN to change. Neither can it be added as a secondary IP because of some or other network failover features it has).

How I try and test this is to open a browser on my PC to http://192.168.244.250 which should then open the web interface on the VOIP server, but it opens the web interface of the Main Router (or it times out, depending on how I screw up the config).

OliverDarvall · ‎05-10-2013

Bump ...

blau grana · ‎05-10-2013

Hello Oliver,

Please correct me if I am wrong. You are trying to NAT 192.168.1.0/24 NAT to 192.168.244.250 and all traffic from 192.168.1.0/24 destinated to internet (same range of IPs) should be sent to 192.168.244.10. Right?

I would implement this like this ->

Main Router

interface Gi0/0

no shut

interface Gi0/0.10

description VoIP_LAN

enc dot 10

ip add 192.168.1.80 255.255.255.0

ip nat inside

interface Gi0/0.20

description VoIP_SP

enc dot 20

ip add 192.168.244.250 255.255.255.0

ip nat outside

ip route 0.0.0.0 0.0.0.0 Gi0/0.20 192.168.244.10

ip access extend NAT_ACL

permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list NAT_ACL interface Gi0/0.20 overload

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

OliverDarvall · ‎05-10-2013

I am trying to nat all traffic to 192.168.244.250 through to 192.168.1.15.

A port forward solution of selected ports from .244.250 to .1.15 would also solve my problem, but for the life of me I could not get that working also (and I have done it successfully numerous times in the past !)

blau grana · ‎05-10-2013

OK, it is basically same config as before, with some highlighted changes:

Main Router

interface Gi0/0

no shut

interface Gi0/0.10

description VoIP_LAN

enc dot 10

ip add 192.168.1.80 255.255.255.0

ip nat inside

interface Gi0/0.20

description VoIP_SP

enc dot 20

ip add 192.168.244.250 255.255.255.0

ip nat outside

ip nat inside source static 192.168.1.15 192.168.244.250

Last command you can replace with port forward alternative

ip nat inside source static tcp/udp 192.168.1.15 inside_port 192.168.244.250 outside_port

Make sure that your routing is correct!

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions