NAT - across multiple networks

iholdings

Greetings,

We have a need to NAT a global, Internet IP address from one network - back across multiple networks to an internal router.

The internal router on network 1 (please see graphic) is attached to VLAN2.  This VLAN is only defined on switches connecting host members - not accessible (I believe) from other VLANS on that network.  All other VLANS are defined on router 2 as well as the switchports with VLAN assignments.

The NAT to the single IP on the router servicing VLAN2 must be transparent and not touch any hosts between router 1 and router 4 (Internet router) for purposes of creating an IPSEC connection (not our responsibility - but the vendor's); we're simply providing the path.

Sorry if this sounds a bit muddled.  I can provide clarifications if needed.

Thanks for any assistance you can provide.


Jon Marshall

So you want to NAT a private IP attached to router 1 to a public IP on router 4. But there is no routing from R4 to get to R1 ? - is that what you are saying ?

Also not sure what you mean about not touching any hosts ?

Please clarify.

If you want to literally keep the traffic totally invisible to intermediate routers you could use GRE tunnel from R4 to R1. Do those routers support GRE ?

Jon

Hi Jon,

Sorry - there is a route between R1 and R4 - via R2 and R3 that talk over the Metronet.  R1/R2 are on one network and R3/R4 are on the other network - connected via the Metronet.

I believe R2, R3 and R4 support GRE - but I can't say R1 does (vendor router).  Need to get that information.  Not sure how to set up GRE however.

R4-     Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(25a)

R3-     Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(3i)

R2-     Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(3i)

Thanks for your help.

iholdings wrote:

Hi Jon,

Sorry - there is a route between R1 and R4 - via R2 and R3 that talk over the Metronet.  R1/R2 are on one network and R3/R4 are on the other network - connected via the Metronet.

I believe R2, R3 and R4 support GRE - but I can't say R1 does (vendor router).  Need to get that information.  Not sure how to set up GRE however.

R4-     Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(25a)

R3-     Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(3i)

R2-     Cisco IOS Software, 3800 Software (C3845-ADVIPSERVICESK9-M), Version 12.4(3i)

Thanks for your help.

I'm confused now. If there is routing set up between R4 and R1 why can you just not set up the NAT and it will work fine ?

Jon

Sorry - my ignorance isn't helping here.

There's an "available" route via the devices I listed - but currently - R1 is not partaking in any routing on its network.  They are stand-alone in that manner.

They currently use two ways to access the Internet (for IPSEC) - one via cable (primary) and one over DSL (manually switched between as needed).  They wish to provide a third option in the attempt to maintain a backup option - if one or the other (or both) fail.

Because they do not interact at all with other non-VLAN2 hosts or other VLANS on that network - I would need to know how to tunnel traffic to the Internet (via GRE or other protocol) ONCE (if) they were connected to the LAN - since R4 is the only other Internet gateway option they have.  Do I even need to define their VLAN2 on the R3 router (as the other VLANS are now defined)?

I'm assuming if GRE is an option - I would be creating GRE virtual interfaces on every router between R1-R4 (including R1 and R4) - and routing traffic over these interfaces?

Thanks.

iholdings wrote:

Sorry - my ignorance isn't helping here.

There's an "available" route via the devices I listed - but currently - R1 is not partaking in any routing on its network.  They are stand-alone in that manner.

They currently use two ways to access the Internet (for IPSEC) - one via cable (primary) and one over DSL (manually switched between as needed).  They wish to provide a third option in the attempt to maintain a backup option - if one or the other (or both) fail.

Because they do not interact at all with other non-VLAN2 hosts or other VLANS on that network - I would need to know how to tunnel traffic to the Internet (via GRE or other protocol) ONCE (if) they were connected to the LAN - since R4 is the only other Internet gateway option they have.  Do I even need to define their VLAN2 on the R3 router (as the other VLANS are now defined)?

I'm assuming if GRE is an option - I would be creating GRE virtual interfaces on every router between R1-R4 (including R1 and R4) - and routing traffic over these interfaces?

Thanks.

No need to apologise.

If you can use GRE you do not need to define vlan 2 on any other router. As long as R4 has an IP address on R1 it can route to and as long as R1 has an IP address on R4 it can route to then you can use GRE. Note that the IP on R1 does not have to be an address from vlan 2. I'm assuming once the packet gets to R1 it can then route to vlan 2 ?

As for GRE, well R2/3/4 do support it but you only need to configure it on the endpoints ie. you do not need to configure anything on the intermediate routers. It would be ideal in your setup if R1 did support GRE, otherwise it will have to be R4 -> R2 and then a route on R2 pointing to R1 for vlan 2.

Jon
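Added example, not part of the original thread: a sketch of the endpoint-only GRE setup described in the reply above, with a one-to-one static NAT on R4 for R1's tunnel address. It assumes R1 supports GRE and accepts IOS-style configuration (unconfirmed in the thread); every address, interface name and the vendor peer address is a constructed placeholder.

```cisco
! ---- R4 (Internet router) ----
interface Tunnel0
 description GRE to R1 (nothing is configured on R2 or R3)
 ip address 172.16.255.1 255.255.255.252
 ip nat inside
 ! placeholder: an R4 address that R1 can already route to
 tunnel source 10.0.34.4
 ! placeholder: an R1 address that R4 can already route to
 tunnel destination 10.0.12.1
!
interface FastEthernet0/0
 description Internet-facing interface (placeholder name)
 ip nat outside
!
! One-to-one static NAT: public address <-> R1's tunnel address.
! All IP protocols to the public address are translated, so the
! vendor's IPsec traffic is passed through to R1.
ip nat inside source static 172.16.255.2 203.0.113.10
!
! ---- R1 (vendor router, assumed to support GRE) ----
interface Tunnel0
 description GRE to R4
 ip address 172.16.255.2 255.255.255.252
 tunnel source 10.0.12.1
 tunnel destination 10.0.34.4
!
! Send only the vendor's IPsec peer (placeholder address) through the
! tunnel. A default route via Tunnel0 could capture the route to the
! tunnel destination itself and cause recursive routing.
ip route 198.51.100.20 255.255.255.255 Tunnel0
```

GRE adds no encryption or authentication of its own; here the payload protection comes from the vendor's IPsec session carried inside it. On each endpoint, `show interface Tunnel0` and `show ip nat translations` (on R4) confirm the tunnel is up and the static entry is present.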

Jon,

I've put in a request to get device information about R1 from the vendor.

I'll report back here once I do - and hopefully this will be an easy route to get set up.

Thanks again for all of your help.

No problem, glad to have helped.

Jon
