
How to set up domainless NAT via NVI?

Olaf123123123
Level 1

Hello guys,

 

I am trying to get it to work but for some reason it does not work.

 

I have a Router A with the following interfaces:

 

interface GigabitEthernet0/0
ip address 192.168.0.1 255.255.255.0
no ip redirects
ip nat enable
no ip route-cache
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 120.0.0.50 255.255.255.0
no ip redirects
ip nat enable
no ip route-cache
negotiation auto
!

ip nat source static network 192.168.0.0 193.168.0.0 /24

 

 

 

I am trying to ping from client 192.168.0.10 to a Router B (which has a route for 193.168.0.0/24 pointing back to Router A). Now I see my packet going to Router B and returning and I expect the packet to get translated back from 193.168.0.10 to 192.168.0.10 and forwarded to the client.

 

The way I understand it, NVI routes, translates and routes again. But for some reason I see the packet incoming, then it says "packet unroutable" (which makes sense since I don't have a route for that network), but afterwards the packet does not get translated back. Why is that? How can I tell my router that it should reverse the NATing?

 

I saw solutions with an IP pool but I want to solve it via NATing the whole address range. Is it possible?

6 Replies

Hello,

 

Not sure if what you are asking is working, but you can define the entire range in the pool as well:

 

access-list 1 permit 192.168.0.0 0.0.0.255
ip nat pool MYPOOL 193.168.0.1 193.168.0.254 prefix-length 24 add-route
ip nat source list 1 pool MYPOOL

Okay I have noticed something very interesting. Please look at the router configuration:

 

hostname R1

interface GigabitEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat enable
no ip route-cache
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 120.0.0.50 255.255.255.0
ip nat enable
no ip route-cache
negotiation auto

 

ip nat source static network 192.168.0.0 200.0.0.0 /24

 

 

 

hostname R2

interface GigabitEthernet0/0
ip address 172.16.0.1 255.255.255.0
no ip route-cache
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 120.0.0.60 255.255.255.0
no ip route-cache
negotiation auto
!

ip route 0.0.0.0 0.0.0.0 120.0.0.50

 

When pinging from a client behind R1 to R2, the ping will fail. R1 does not translate the address back from the NAT address 200.0.0.10 to 192.168.0.10.

You can see R1 not translating the packet back:

*Feb 8 16:34:13.555: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Feb 8 16:34:13.555: FIBipv4-packet-proc: packet routing failed
*Feb 8 16:34:13.555: IP: s=120.0.0.60 (GigabitEthernet1/0), d=200.0.0.10, len 84, unroutable
*Feb 8 16:34:13.559: ICMP type=0, code=0

 

However when setting a default route to R2, the ping will work.

R1(config)#ip route 0.0.0.0 0.0.0.0 120.0.0.60

We can also see R1 translating the address back now, even if the routing fails at first:

*Feb 8 16:14:48.815: FIBfwd-proc: Default:200.0.0.0/24 not enough info to forward via fib (GigabitEthernet1/0 none)
*Feb 8 16:14:48.815: FIBipv4-packet-proc: packet routing failed
*Feb 8 16:14:48.815: IP: tableid=0, s=120.0.0.60 (GigabitEthernet1/0), d=200.0.0.10 (GigabitEthernet1/0), routed via RIB
*Feb 8 16:14:48.819: NAT: i: icmp (120.0.0.60, 62364) -> (200.0.0.10, 62364) [40179]
*Feb 8 16:14:48.819: NAT: s=120.0.0.60, d=200.0.0.10->192.168.0.10 [40179]

 

Why doesn't it do that when the default route is not in place? The route is of no use, because the packet does not have to go back to R2. R2 is directly connected, so there is no use for a default route pointing to R2 whatsoever. But without it, the router simply does not do a translation for the packet coming back. Why?
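
An added example, not part of the original thread: a Python sketch that reads lines from the two debug captures in the post above, computes the local address the static network mapping (192.168.0.0/24 to 200.0.0.0/24) should yield for each return packet, and reports whether a matching NAT line was logged. The function names and verdict strings are assumptions made for this example.

```python
import ipaddress
import re

# Mapping from the post: ip nat source static network 192.168.0.0 200.0.0.0 /24
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")
GLOBAL_NET = ipaddress.ip_network("200.0.0.0/24")

# Debug lines copied from the two captures in the post above.
WITHOUT_DEFAULT_ROUTE = """\
*Feb 8 16:34:13.555: FIBipv4-packet-proc: packet routing failed
*Feb 8 16:34:13.555: IP: s=120.0.0.60 (GigabitEthernet1/0), d=200.0.0.10, len 84, unroutable
"""
WITH_DEFAULT_ROUTE = """\
*Feb 8 16:14:48.815: IP: tableid=0, s=120.0.0.60 (GigabitEthernet1/0), d=200.0.0.10 (GigabitEthernet1/0), routed via RIB
*Feb 8 16:14:48.819: NAT: s=120.0.0.60, d=200.0.0.10->192.168.0.10 [40179]
"""

IP_LINE = re.compile(r"IP: .*?d=(\d+\.\d+\.\d+\.\d+).*?(unroutable|routed via RIB)")
NAT_LINE = re.compile(r"NAT: .*?d=(\d+\.\d+\.\d+\.\d+)->(\d+\.\d+\.\d+\.\d+)")

def to_local(global_ip):
    """Host-preserving reverse mapping of the static network entry, or None."""
    addr = ipaddress.ip_address(global_ip)
    if addr not in GLOBAL_NET:
        return None
    offset = int(addr) - int(GLOBAL_NET.network_address)
    return str(LOCAL_NET.network_address + offset)

def classify(debug_text):
    """Return [(dst, expected_local, verdict)] for packets sent to the NAT prefix."""
    routed, translated = {}, {}
    for line in debug_text.splitlines():
        if m := IP_LINE.search(line):
            routed[m.group(1)] = m.group(2)
        elif m := NAT_LINE.search(line):
            translated[m.group(1)] = m.group(2)
    results = []
    for dst, route_state in routed.items():
        expected = to_local(dst)
        if expected is None:
            continue  # destination is not covered by the static mapping
        if translated.get(dst) == expected:
            verdict = "translated"
        elif route_state == "unroutable":
            verdict = "unroutable, no translation logged"
        else:
            verdict = "routed, no translation logged"
        results.append((dst, expected, verdict))
    return results
```

Calling `classify()` on each capture gives one tuple per return packet, which makes the difference between the two runs explicit: same destination, same expected local address, different outcome.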

Hello


@Olaf123123123 wrote:

I saw solutions with an IP pool but I want to solve it via NATing the whole address range. Is it possible?


Not with a static entry, as that's a 1-to-1 mapping; you will require a NAT pool to accommodate what you are querying

 

ip nat pool STAN 193.168.0.1 193.168.0.254 prefix-length 24 type match-host



Kind Regards
Paul

Hello Paul, appreciate your answer. Can you take a look at the last reply I gave to Georg? To me it doesn't make much sense that NAT works only with a route installed that has no effect. Surely I am missing something.

Jaderson Pessoa
VIP Alumni
Guy,

Which is its inside and outside interface?
interface GigabitEthernet0/0
ip address 192.168.0.1 255.255.255.0
no ip redirects
( ip nat outside ) example
no ip route-cache
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
ip address 120.0.0.50 255.255.255.0
no ip redirects
( ip nat inside ) example
no ip route-cache
negotiation auto

ip nat pool INTERNET 192.168.0.1 192.168.0.10 netmask 255.255.255.0
ip nat inside source list 10 pool INTERNET overload

access-list 10 permit 120.0.0.0 0.0.0.255

Something like it.
Jaderson Pessoa

Please read the question, I am asking for domainless NAT via ip nat enable, not with nat inside and outside. I know how it works with inside and outside.
