Re: how to configure NAT with 3 routers. - Page 2

sivared0001 · ‎05-31-2022

The traffic between the loopback 0 interfaces of R1 and R2 should traverse through R3;

R3 should be configured such that it translate 132.10.10.1 to 171.1.1.1 and 132.11.11.1 to 173.2.2.2

You can do NATTING only R3 router.

After completing the solution you do the verification.

Verification

On R3:

R3#show IP NAT translation

Pro  Inside global          Inside local        Outside local          Outside global
---  ---                    ---                 173.2.2.2              132.11.11.1
---  171.1.1.1              132.10.10.1            ---                    ---



R1# Ping 173.2.2.2 source 132.10.10.1  

It should be ping

and when your ping comes then your R3 result should be change

R3#show IP NAT translation

Pro  Inside global          Inside local        Outside local          Outside global
---  ---                    ---                 173.2.2.2              132.11.11.1
ICMP  171.1.1.1:15          132.10.10.1:15      173.2.2.2:15           132.11.11.1:15
---  171.1.1.1              132.10.10.1        ---                    ---


Note : Run OSPF protocol and you can use only one static route of any devices.

sivared0001 · ‎06-01-2022

i configured ospf in 3 routers and i used area 0 for all after that inside and outside configured like you said above but still not able ping

R1:ping 173.2.2.2 source 132.10.10.1.

when i see nat translations still getting same

Flavio Miranda · ‎06-01-2022

Hi

As I said, you are not going to ping, for a simple reason. The IP address you are ping does not exist anywhere,, soon, you can not ping.

But, you can ping and when you see the ping failure,, use the command to see the nat translation.

If I undertood correctlly, what your instructor wants is to see the NAT translation, not the ping response.

The NAT will take place, with ping response or not.

Now, if you want to see ping responde, you can add a fourth device after R3 and configure the IP 173.2.2.2 on it.

paul driver · ‎06-01-2022

Hello

@Flavio Miranda wrote:

you are not going to ping, for a simple reason. The IP address you are ping does not exist anywhere,, soon, you can not ping.

The natted ip address(s) dont have to exist for you to be able to ping them, with NAT you can use any addressing as long as they reachable towards the NAT router, in this scenario the NAT router IS aware of them, The spoke rtrs just have a default route which will arp towards the NAT rtr.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

prashun457 · ‎04-11-2023

sivared0001 · ‎06-01-2022

exactly so if we want to ping any address that address need a device so that means in my question ping task is error

paul driver · ‎05-31-2022

Hello
I had to lab this one up TBH - It required some policy based routing and nat on a stick.
PBR because there is only one physical interface for the nat domain so we have to utilize the loopback interface of the nat rtr.

Please review attached file:...

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎05-31-2022

first both R1 and R2 default route must point toward the R3
ip static 0.0.0.0 0.0.0.0 R3

second config R3 interface & LO with ip NAT enable not NAT inside Outside, this make traffic hairpin in LO enter then NAT then Out

this my opinion for this issue.

paul driver · ‎05-31-2022

Hello

@MHM Cisco World Domain-less nat is an alternative if the ios on the rtr supports it but as this scenario is nat on a stick im not sure it would work - however i haven’t tested it so could not verify.

One of the reasons it could work is the nat order of operation is changed - with NVI nat a route lookup is perform before and after nat translation which isn’t the same as in domain nat.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

sivared0001 · ‎06-01-2022

i have to use only one static route and also ospf i dont known where to use ospf.

ip nat enable command not working i got options only inside and outside to select after ip nat

MHM Cisco World · ‎06-01-2022

first regarding to OSPF and default route,
config the default route in R3 and redistribute it into OSPF,
second for ip nat enable this command config under interface not in global mode.

sivared0001 · ‎06-01-2022

Task-1:
R3#show ip nat translation

Pro  Inside global          Inside local        Outside local          Outside global
---  ---                    ---                 173.2.2.2              132.11.11.1
---  171.1.1.1              132.10.10.1            ---                    ---

the above one is done, i got exactly same.

the below one i have to do,

R1# Ping 173.2.2.2 source 132.10.10.1  
TASK-1:
It should be ping

and when your ping comes then your R3 result should be change

R3#show IP NAT translation

Pro  Inside global          Inside local        Outside local          Outside global
---  ---                    ---                 173.2.2.2              132.11.11.1
ICMP  171.1.1.1:15          132.10.10.1:15      173.2.2.2:15           132.11.11.1:15
---  171.1.1.1              132.10.10.1        ---                    ---


Note : Run OSPF protocol and you can use only one static route of any devices.

i used for nat 
ip nat inside source static 132.10.10.1 171.1.1.1
ip nat outside source static 132.11.11.1 173.2.2.2

i dont known how to solve the task-2,there are 3 steps

1.when i try to (Ping 173.2.2.2 source 132.10.10.1) from R1 the reply should come.
2.where and why to use ospf (mentioned in above note)
3.where and how to use only one static route of any device (mentioned in above note).


Iam sharing my commands in the attachment.

paul driver · ‎06-01-2022

Hello
Why are you reluctant to use the solution provided?
Implement the attached and it will work

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

sivared0001 · ‎06-01-2022

i did everything in the attachment that you provided

R3#show IP NAT translation

Pro  Inside global          Inside local        Outside local          Outside global
---  ---                    ---                 173.2.2.2              132.11.11.1
---  171.1.1.1              132.10.10.1            ---                    ---

until now everything fine now i need to get like below when we do below ping but that is nat address so we cant ping, then what to do now to get the final show ip nat translations.

R1# Ping 173.2.2.2 source 132.10.10.1

R3#show IP NAT translation

Pro  Inside global          Inside local        Outside local          Outside global
---  ---                    ---                 173.2.2.2              132.11.11.1
ICMP  171.1.1.1:15          132.10.10.1:15      173.2.2.2:15           132.11.11.1:15
---  171.1.1.1              132.10.10.1        ---                    ---

paul driver · ‎06-01-2022

Hello

can you attach the readout of the below commands into a file and attach to the post please

r3/r2

sh ip int brief

sh ip route

sh ip ospf neighbour

nat rtr

sh run

sh ip ospf neighbour

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

prashun457 · ‎04-11-2023

Help me, I'm not able to ping 173.2.2.2 source 131.10.10.1