01-07-2020 04:25 AM
Hi,
I have a single 1841 router with two directly connected networks and I have configured NAT to allow the use of an internet gateway on both networks.
I would like to allow local devices on both networks to communicate with each other after implementing NAT; however, devices on the NAT outside interface cannot telnet to devices on the NAT inside interface once I enable NAT.
The router config is below. If I remove the IP NAT inside/outside from the F0/0 and F0/1 interfaces then I have two-way communication.
As soon as I enter the NAT inside/outside commands I lose connection to the 10.243.1.0 network from 10.80.10.0.
Please could someone advise what is required here, do I need to add a static route from 10.80.10.0 to 10.243.1.0?
A traceroute from 10.80.1.xx shows that it reaches interface 10.80.10.135 and then times out.
Thanks,
James
(10.80.10.1 is the router I use for internet access)
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
enable password xxxxx
no aaa new-model
ip source-route
ip cef
multilink bundle-name authenticated
license udi pid CISCO1841
interface FastEthernet0/0
 ip address 10.80.10.135 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
interface FastEthernet0/1
 ip address 10.243.1.15 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
ip forward-protocol nd
no ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.80.10.1
access-list 1 permit 10.243.1.0 0.0.0.255
control-plane
line con 0
line aux 0
line vty 0 4
 password xxxxx
 login
scheduler allocate 20000 1000
end
01-07-2020 04:49 AM
Hi there,
Try adding the following NAT command:
!
ip nat inside source static tcp <inside_telent_server_ip> 23 interface fa0/0 23 ext
!
Update <inside_telent_server_ip> with the correct inside address. Connecting to 10.80.10.135 TCP/23 will forward the traffic to the inside telnet server.
cheers,
Seb.
01-09-2020 01:05 PM
I can't seem to get this to work unfortunately. The 'ext' at the end gives invalid input, so I tried ? in its place and it shows <cr>
I tried the command without ext and it doesn't work either.
01-07-2020 07:45 AM - edited 01-07-2020 07:45 AM
Hello
@ramram wrote:
Hi,
I have a single 1841 router with two direct connected networks and I have configured NAT to allow the use of an internet gateway on both networks.
Do you have users in the outside domain (10.80.130.0/24) as well as your internet router, if so do you want connection to all hosts between the nat domains? (inside/outside)
I assume the internet router is also performing NAT?
What device is the internet rtr and are you able to administer it?
01-09-2020 01:18 PM
Hi Paul,
In answer to your questions:
Do you have users in the outside domain (10.80.130.0/24) as well as your internet router, if so do you want connection to all hosts between the nat domains? (inside/outside)
Yes, there are users in the outside domain with the internet router and I would like connection possible between hosts in the nat domains.
I assume the internet router is also performing NAT?
What device is the internet rtr and are you able to administer it?
The internet router I think must be providing NAT because users in this outside domain can access the internet via the router.
The internet router is a TP-Link router running OpenWRT and I do have admin access.
Many thanks,
James
01-09-2020 01:36 PM - edited 01-09-2020 02:00 PM
Hello James
Thank you for those answers, it has made it much clearer to understand, and as such it sounds like you don't really need to have nat on this router as the TP-Link rtr is performing this function, that is unless you wish to hide the 10.243.1.0/24 subnet from the TP-Link users?
All you need to do is apply some static or dynamic routing between each rtr and add the 10.243.1.0/24 subnet to the existing nat rule of the TP-Link rtr for them to access the internet.
Example:
rtr
interface FastEthernet0/0
no ip nat outside
exit
interface FastEthernet0/1
no ip nat inside
exit
no ip nat inside source list 1 interface FastEthernet0/0 overload
no access-list 1 permit 10.243.1.0 0.0.0.255
tp_link rtr
ip route 10.243.1.0 255.255.255.0 10.80.10.135
Add a nat rule for 10.243.1.0/24
However if you do wish to hide 10.243.1.0/24 subnet from the TP-Link users then you would need nat, so can you please confirm?
01-09-2020 02:14 PM
Hello,
What if you simply exclude the traffic between both networks from being natted?
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 deny ip 10.243.1.0 0.0.0.255 10.80.1.0 0.0.0.255
access-list 101 permit ip 10.243.1.0 0.0.0.255 any
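Added example (not part of the reply above, and not Cisco's code): a small Python model of how an extended ACL selects traffic for `ip nat inside source list 101`. It evaluates list 101 as posted and the same list with the deny destination set to 10.80.10.0, the subnet configured on FastEthernet0/0 in the original post. The host addresses are constructed samples.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC WILD (DST WILD | any)' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, src, src_wc = tok[2], tok[4], tok[5]
        if tok[6] == "any":
            dst, dst_wc = "0.0.0.0", "255.255.255.255"
        else:
            dst, dst_wc = tok[6], tok[7]
        entries.append((action, src, src_wc, dst, dst_wc))
    return entries

def is_translated(acl, src, dst):
    """First matching entry decides. 'permit' = translate, 'deny' = route
    untranslated. No match falls to the implicit deny (no translation)."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

# List 101 exactly as posted in the thread.
AS_POSTED = parse_acl("""
access-list 101 deny ip 10.243.1.0 0.0.0.255 10.80.1.0 0.0.0.255
access-list 101 permit ip 10.243.1.0 0.0.0.255 any
""")
# Same list, deny destination set to the Fa0/0 subnet from the original config.
FA00_SUBNET = parse_acl("""
access-list 101 deny ip 10.243.1.0 0.0.0.255 10.80.10.0 0.0.0.255
access-list 101 permit ip 10.243.1.0 0.0.0.255 any
""")

INSIDE_HOST = "10.243.1.20"  # constructed sample host on Fa0/1
DESTS = ["10.80.10.50", "10.80.1.50", "192.0.2.10"]  # constructed samples

def report(acl):
    """Map each sample destination to whether the flow would be NATed."""
    return {dst: is_translated(acl, INSIDE_HOST, dst) for dst in DESTS}

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("Fa0/0 subnet", FA00_SUBNET)):
        print(name, report(acl))
```

Only the second list leaves traffic from 10.243.1.0/24 to hosts on 10.80.10.0/24 untranslated; with the list as posted, that traffic still matches the permit line and is translated.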