Global IP to Global IP NAT

rwaqanitoga
Level 1

Hi,

I was wondering if it is possible to do a global IP to global IP NAT on a Cisco router.

I have a scenario where a LAN has access to 2 Internet providers (public networks).

In order to divert some traffic from the LAN that has Provider1 public addressing, can the Provider1 IP be NATed on the router that links to Internet Provider2?

Basically, NAT works on private to public IP, but can it be done with public to public IP NAT as described above?

Looking forward to an explanation on this setup.

Best Regards,

Ruveni

Accepted Solutions

Jan Hrnko
Level 4

Hi Ruveni,

> I was wondering if it is possible to do a global IP to global IP NAT on a Cisco router.

Sure, this can be done just fine. You don't need anything special, just configure it like you would configure "normal" NAT (private source IP -> public source IP).

> I have a scenario where a LAN has access to 2 Internet providers (public networks).
>
> In order to divert some traffic from the LAN that has Provider1 public addressing, can the Provider1 IP be NATed on the router that links to Internet Provider2?

Just to simplify things, let's name the router

  • that leads to service provider1: R1
  • that leads to service provider2: R2

If I get you correctly, you want to configure NAT on R1 to translate to addresses that use R2's public IP and send it to SP1. You would achieve load balancing by the fact that the traffic will leave through SP1 but will arrive from SP2 - a phenomenon known as asymmetric routing.

Am I right?

Now, this is possible but it wouldn't work. Why? Because the NAT translation table is present on R1 but missing on R2. R2 will receive such packets, but will not know what to do with them - it does not know which LAN hosts they come from - so R2 discards them.

Can you please show us the diagram of your topology? I am not really sure if I got this right, but the way I understand this is that you have 1 LAN on the same subnet that has R1 as its default gateway, but you do have another router, R2, that is somewhere in your network - maybe even connected to R1?

Basically, a scenario like this calls for PBR - Policy Based Routing. With the use of PBR, you could divert some traffic to R2 and then send it to the Internet. That way, R2 will have the NAT translation table and when the packet comes back, it can forward it back to the original host. Just make sure that R2 knows how to get to the LAN (has a route to the LAN in its routing table).

If you would be so kind and share the topology diagram with us, we could provide a more accurate and better solution.

Also, if you have any questions regarding PBR or anything else, feel free to ask!

Best regards,

Jan

Hi Jan,

Thank you very much for your kind positive response...

Yes, I was planning to use PBR to divert the traffic (SMTP, POP3, etc.) onto ISP2.

I have attached the network diagram. Looking forward to your response.

Best Regards,

Ruveni

Just to add one more thing, I would want the traffic that goes through ISP2 to return to ISP2 onto the same link back to the customer LAN.

Cheers,

Ruveni

Hi Ruveni,

I see, you have only one router with 2 interfaces connected to different ISPs. Now, that changes the situation a little bit.

You have basically two options:

  1. Use PBR
  2. Use two or more access-lists with NAT

You could even divert traffic based on IP addresses! Something like, the lower half of the IPs will go through ISP1 and the upper half through ISP2.

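! Sources matched by list 1 are translated to the ISP1 interface address, list 2 to ISP2
ip nat inside source list 1 interface [interfaceToISP1] overload
ip nat inside source list 2 interface [interfaceToISP2] overload
! Lower half of the LAN range (.0-.127) in list 1, upper half (.128-.255) in list 2
access-list 1 permit 167.XXX.XXX.0 0.0.0.127
access-list 2 permit 167.XXX.XXX.128 0.0.0.127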

But if you want to use more specific criteria, then PBR is your friend.

> Just add one more thing, I would want the traffic that goes through ISP2 to return to ISP 2 onto the same link back to customer LAN.

This is something you cannot guarantee - simply because of the nature of routing. But in your case, it could be true. It mainly depends on how and which networks you advertise to your ISPs. I mean, if routers out on the Internet don't know that 202.XXX.XXX.2/30 is reachable via 167.XXX.XXX.2/30, then it is safe to assume the packets sent out the interface towards ISP2 will arrive back on this interface as well. After all, you can test it.

Best regards,

Jan
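
Added example, not part of the original posts: one way to combine the PBR option with interface-specific NAT on a single router with two ISP links, so that mail traffic leaves via ISP2 and is translated to the ISP2 interface address, keeping the translation entry on the router that receives the replies. The interface names, the 198.51.100.0/24 LAN prefix (standing in for the Provider1-assigned block) and the 192.0.2.1 / 203.0.113.1 next hops are constructed placeholders.

```cisco
! Assumption: default route points at ISP1; LAN hosts use Provider1 public
! addresses, so ISP1-bound traffic matches no NAT rule and leaves untranslated.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Traffic to divert: SMTP and POP3 sourced from the LAN (constructed prefix)
ip access-list extended MAIL-VIA-ISP2
 permit tcp 198.51.100.0 0.0.0.255 any eq smtp
 permit tcp 198.51.100.0 0.0.0.255 any eq pop3
!
! PBR: matched packets are forwarded to the ISP2 next hop instead of the
! routing-table result; everything else falls through to normal routing.
route-map PBR-LAN permit 10
 match ip address MAIL-VIA-ISP2
 set ip next-hop 203.0.113.1
!
interface GigabitEthernet0/0
 description LAN (placeholder interface name)
 ip nat inside
 ip policy route-map PBR-LAN
!
interface GigabitEthernet0/2
 description Link to ISP2 (placeholder interface name)
 ip nat outside
!
ip access-list standard LAN-HOSTS
 permit 198.51.100.0 0.0.0.255
!
! NAT only when the packet actually exits the ISP2 interface, so the source
! becomes an ISP2 address and replies come back on that link, where the
! translation entry exists.
route-map NAT-ISP2 permit 10
 match ip address LAN-HOSTS
 match interface GigabitEthernet0/2
!
ip nat inside source route-map NAT-ISP2 interface GigabitEthernet0/2 overload
!
! Verification from exec mode:
!   show ip policy              (route-map bound to the LAN interface)
!   show route-map PBR-LAN      (policy-routed packet counters)
!   show ip nat translations    (entries for diverted flows only)
```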
