11-10-2010 12:09 PM - edited 03-04-2019 10:25 AM
Hi All,
Our MPLS network consists of 15 remote offices. We are adding another office to our MPLS network, but it has the same LAN subnet (192.168.1.0/24) as one of our other remote offices. Is there any way to configure NAT on the router so it uses a different subnet? If so, how would that be configured?
11-10-2010 12:46 PM
Brian
LAN -> fa0/0 router fa0/1 -> MPLS
int fa0/0
 ip nat inside
int fa0/1
 ip nat outside
ip nat inside source static network 192.168.1.0 192.168.5.0 mask 255.255.255.0
would NAT the internal addresses of 192.168.1.x to 192.168.5.x.
Couple of points -
1) I have used a static network NAT but you could use a NAT pool. Which one to use depends on whether you will be only initiating connections from the new office, in which case you could use a NAT pool, or whether you will also be initiating connections to the new office, in which case you need a static NAT.
2) Obviously you will need to advertise the Natted subnet into the MPLS cloud ie. 192.168.5.x from the above example.
Jon
11-10-2010 01:32 PM
Thanks for the e-mail Jon,
I'll need to use static nat since the connections will be initiating to the new office. I only need to get to 2 servers at this remote office. Any issues with the config below?
int fa0/0
 ip nat inside
int fa0/1
 ip nat outside
ip nat inside source static network 192.168.1.0 192.168.5.0 mask 255.255.255.0
ip nat inside source static 192.168.1.4 192.168.5.4
ip nat inside source static 192.168.1.5 192.168.5.5
router bgp 1
 network 192.168.5.0
11-10-2010 01:47 PM
Brian
You shouldn't need both entries ie.
ip nat inside source static network 192.168.1.0 192.168.5.0 mask 255.255.255.0
ip nat inside source static 192.168.1.4 192.168.5.4
ip nat inside source static 192.168.1.5 192.168.5.5
you only need -
ip nat inside source static network 192.168.1.0 192.168.5.0 mask 255.255.255.0
and that would also include the other 2.
If however you want to restrict what can be accessed from the main site you could -
1) have the 2 specific statements as above
ip nat inside source static 192.168.1.4 192.168.5.4
ip nat inside source static 192.168.1.5 192.168.5.5
2) have a NAT pool for the other addresses in the new office. I'm assuming the new office needs to make outbound connections ??
with the above you couldn't initiate a connection to any 192.168.5.x address (other than .4 and .5) from any other site but all the clients could still get out from the new office. Obviously if you do that make sure you exclude 192.168.5.4/5 from the NAT pool.
Jon
11-10-2010 02:01 PM
Ok...so if I only use the config for nat below. How from my main site do I access a server from the remote office? If I want to RDP to a server that is on the Remote LAN (192.168.1.3), I'm assuming I need more than just this config? Bear with me, I'm not very good at understanding NAT configs
ip nat inside source static network 192.168.1.0 192.168.5.0 mask 255.255.255.0
11-10-2010 02:05 PM
Brian
That statement should do it because it is static NAT. Each host should map to its equivalent natted address eg.
192.168.1.1 -> 192.168.5.1
192.168.1.2 -> 192.168.5.2
192.168.1.3 -> 192.168.5.3
etc..
This is in contrast to a NAT pool which is dynamic (not static) NAT and this means you can only connect in to out and not out to in.
Jon
11-10-2010 02:14 PM
Brian
Quick follow up to previous post. There can be issues using a source static network statement depending on IOS so if you do hit an issue then simply use the 2 specific NAT statements that you want to use for the servers you need to connect to and then create a NAT pool for the other IPs.
Jon
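The restricted variant described in the two replies above (two static entries for the servers plus a NAT pool for every other host), written out as an added example that is not from any poster in this thread. The pool name NEW-OFFICE-POOL and access-list number 10 are assumptions; the addresses and interfaces are the ones used in the thread, and 192.168.5.0/24 still has to be advertised into the MPLS cloud as already discussed.

```cisco
! Added example. NEW-OFFICE-POOL and ACL 10 are assumed names, not from the thread.
interface FastEthernet0/0
 description New office LAN 192.168.1.0/24
 ip nat inside
!
interface FastEthernet0/1
 description MPLS uplink
 ip nat outside
!
! Only these two servers get a fixed address, so they are the only
! hosts other sites can open a connection to (out to in).
ip nat inside source static 192.168.1.4 192.168.5.4
ip nat inside source static 192.168.1.5 192.168.5.5
!
! Dynamic pool for all other hosts. It starts at .6 so it can never
! hand out the addresses reserved for the two static entries.
ip nat pool NEW-OFFICE-POOL 192.168.5.6 192.168.5.254 netmask 255.255.255.0
!
! Hosts eligible for the pool: the whole LAN except the two servers,
! which are already covered by their static entries.
access-list 10 deny   host 192.168.1.4
access-list 10 deny   host 192.168.1.5
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 pool NEW-OFFICE-POOL
!
! Check the result with: show ip nat translations
! The two static entries are always listed; pool entries appear only
! after an inside host has sent traffic toward the MPLS side.
```

With this layout a client such as 192.168.1.20 has no translation until it sends traffic outbound, so nothing at another site can address it first, and the pool address it receives is not tied to its host number.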
11-10-2010 03:30 PM
Thanks for the explanation and your help.
11-10-2010 03:47 PM
Brian
Apologies, there was a syntax error in that command, it should be -
ip nat inside source static network 192.168.1.0 192.168.5.0 /24
Jon