
Nat Address to other address?

rechard_hk
Level 1

Dear all,

I have an issue to ask you about: I would like to translate an address to another address, as below:

I have 3 routers; please see the attached file.

Router1 connects to router2 by a VPN connection (local loop), and router3 allows only IP addresses 192.168.10.1 and 2 to pass through.

So I mean that router3 blocks everything but allows only 192.168.10.1-2. So if my LAN 192.168.0.10 wants to access LAN 192.168.50.10, router 3 will block it, because router 3 allows only 192.168.168.10.1 and 2.

How can we translate from 192.168.0.10 to 192.168.10.2?

Best regards,

Rechard


Jan Hrnko
Level 4

Hi Rechard,

What about enabling NAT on Router2? I don't know how big your LAN is, so I am gonna write this only for that one host(?) you mentioned. Change it according to your situation/subnetting.

Router2(config)#ip nat inside source list 1 interface [interfaceToRouter3] overload

Router2(config)#access-list 1 permit 192.168.0.10 0.0.0.0

Don't forget to put the commands ip nat inside and ip nat outside on the appropriate interfaces on Router2.

ip nat inside on R2 to R1

ip nat outside on R2 to R3

Best regards,

Jan

Dear Jan,

How can we know that 192.168.0.10 is translated to 192.168.10.2?

I worry that router 3 will block it; if it cannot be translated to 192.168.10.2, that means it is blocked.

Let me explain: on router 3 they don't allow us to change anything, so they allow a PC to connect to router 3 with 192.168.10.10 and GW 192.168.10.2, but with the extended network (2 routers with a VPN connection) I want 192.168.0.10 to be translated to 192.168.10.2; router 3 doesn't care about 192.168.0.10, but it cares about IP 192.168.10.2 to allow traffic outside.

Do you have any advice on this?

Best Regards,

Rechard

Hi Rechard,

 the router 3 will block because the router 3 allow only 192.168.168.10.1 and 2

That's why I suggested translating the 192.168.0.10 address to the interface with address 192.168.10.1, because you have no control over .2

This can be achieved as I said earlier. That way, only 192.168.0.10 will be translated to 192.168.10.1 and therefore R3 should allow it, right?

OR you can create a static NAT mapping. If this is what you are looking for, check this link:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html

Best regards,

Jan

gasood
Level 1

This can be achieved by PAT.

As per your packet flow, it will traverse the VPN and reach R2, where it will be decrypted. Then you need translation so that the 192.168.0.0/24 subnet gets translated to 192.168.10.1; it can't be translated to 192.168.10.2 because NAT is configurable on R2 and 10.2 belongs to R3.

Now the question is how we can translate the packet.
Here is the solution:

VPN====(f0/1)R2(f0/0)---------R3- ----------Destination

int f0/1
ip nat inside

int f0/0
ip nat outside

ip access-list extended 121
permit ip 192.168.0.0 0.0.0.255 192.168.50.0 0.0.0.255

ip nat inside source list 121 interface f0/1 overload

Run the command "show ip nat translations" to see/check the translation table.


Hi Guarav,

That's what I suggested in my post.

One more thing:

VPN====(f0/1)R2(f0/0)---------R3- ----------Destination



IP Nat inside source list 121 interface f0/1 overload

If you put it like this, I think that there should be f0/0 instead of f0/1.

Best regards,

Jan

Dear all,

NAT still does not work.

I tried show ip nat tra, but nothing comes up.

One more thing: on R3 we cannot add any routing or other subnetting; they just route only IP 192.168.10.1-2.

Do you have any idea on this?

For troubleshooting I skipped configuring the VPN; I just do routing from router1 to router2, to make sure we can translate from 192.168.0.10 to 192.168.10.2.

How do I troubleshoot this?

Best Regards,

rechard

Dear all,

Do you have any advice?

Best Regards,

rechard

Hi Rechard,

Do you think it would be possible to post sanitized configuration files of routers R1, R2 and maybe R3 as well? I just don't know where the problem could be, and it is really hard to troubleshoot without any direct information.

i try to show : show ip nat tra but it nonthing come up .

Well, NAT is definitely not working. Are you sure that the packets from the LAN reach R2? Have you tried to do a traceroute from some PC on the LAN?

Best regards,

Jan
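
One way to check the `show ip nat translations` output that the replies ask for, written as an added example that is not part of any post in this thread: it parses the table and reports an empty table or any 192.168.0.0/24 host that is not translated to an address R3 accepts. The sample output, the 172.16.0.2 address and the function names are constructed for illustration.

```python
import ipaddress

# From the thread: R3 passes only 192.168.10.1 and .2; the LAN behind R1 is 192.168.0.0/24.
ALLOWED_GLOBALS = {ipaddress.ip_address("192.168.10.1"), ipaddress.ip_address("192.168.10.2")}
INSIDE_LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample output (not captured from the poster's routers).
SAMPLE_OK = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.10.1:1    192.168.0.10:1     192.168.50.10:1    192.168.50.10:1
tcp 192.168.10.1:1025  192.168.0.10:49152 192.168.50.10:80   192.168.50.10:80
"""
# Constructed: 172.16.0.2 stands in for the address of a wrongly chosen interface.
SAMPLE_WRONG = SAMPLE_OK.replace("192.168.10.1:1025", "172.16.0.2:1025")

def _addr(field):
    """Drop an optional :port; '---' (no entry) becomes None."""
    return None if field == "---" else ipaddress.ip_address(field.split(":")[0])

def parse_translations(text):
    """Return (proto, inside_global, inside_local) for each table row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, prompt or blank line
        try:
            rows.append((parts[0], _addr(parts[1]), _addr(parts[2])))
        except ValueError:
            continue  # five words, but not a translation row
    return rows

def check(text):
    """Return findings; an empty list means every LAN flow is translated
    to an address R3 accepts."""
    rows = [r for r in parse_translations(text) if r[2] is not None and r[2] in INSIDE_LAN]
    if not rows:
        return ["no translation entries for 192.168.0.0/24"]
    return [f"{proto} {local} -> {glob}: not an address R3 allows"
            for proto, glob, local in rows if glob not in ALLOWED_GLOBALS]

if __name__ == "__main__":
    for name, out in (("ok", SAMPLE_OK), ("wrong", SAMPLE_WRONG), ("empty", "")):
        print(name, check(out) or "all translations acceptable to R3")
```

Dynamic entries appear only after matching traffic has crossed from the `ip nat inside` interface to the `ip nat outside` interface, so generate traffic from the LAN host before capturing the output.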
