Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
5
Replies

Double NATing

Iloveyou
Level 1
Level 1

‎11-08-2023 10:19 PM

Assume I have a 172.16.0.0/16 network, it is then Nated to a 192.168.1.0/24 network.

This 192.168.1.0/24 is then NAT via a firewall to a public ip so that there is internet access.

So being a routing issue, how can I route to the 172.16.0.0/16 network. 

After vpn into firewall, I can only reach the 192.168.1.0/24 but not the 172.16.0.0/16

Labels:
0 Helpful
5 Replies 5

Torbjørn
Spotlight
Spotlight

‎11-08-2023 11:42 PM - edited ‎11-09-2023 01:00 AM

You can do one of the following:

  • Port forward the specific devices you wish to reach from the firewall.
  • Add a route for 172.16.0.0/16 on your firewall towards the 192.168.1.0/24 address of your router. Then add an exception for traffic destined to your firewall address in the 192.168.1.0/24 network to the ACL you are using in your NAT config, such that your return traffic isn't NATed.
  • Add a route to the 172.16.0.0/16 network on your firewall towards the router and set up source-nat "the other way" on the router if this is supported.
  • Create a tunnel between the firewall and the router and add a route to the 172.16.0.0/16 network though your tunnel. Such that the traffic isn't affected by the configured NAT.
Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

Iloveyou
Level 1
Level 1
In response to Torbjørn

‎11-13-2023 06:13 PM

Hi,

Please do me a favour and give me some commands for 2nd or 3rd for better illustration. 

0 Helpful

paul driver
VIP
VIP

‎11-10-2023 01:48 AM

Hello
The rtr that is natting 172.16.0.0/16 towards the Fw  is the key it will need to be dynamic  host to host NAT for connection to be successful 

Alternatively you could just have a static route from the FW towards that rtr for 172.16.0.0/16 subnet and perform nat on the Fw for it thus removing NAT from the rtr.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP

‎11-14-2023 12:36 AM - edited ‎11-14-2023 01:08 AM

public NATing and dual NAT in same FW ?

If yes that not work.

The FW do only one NATing for traffic here it do NATing to 192.168.1.0 or 192.168.1.0 to public not both.

0 Helpful

MHM Cisco World
VIP
VIP

‎11-14-2023 01:07 AM

you can make 172.16.0.0 NAT to 192.168.1.0 only if traffic go via VPN or other 
and NATing to public if traffic have destination any 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card