08-07-2006 11:28 AM - edited 03-03-2019 01:34 PM
In a general question, is it possible to have a remote LAN connected by a Point-to-Point where only half or some of the LAN's IP addresses are translated and the others are sent without translation?
This question arises from the need to have my IP phones addresses NOT translated or translated into the correct subnet of the Nortel phone server.
Please provide any information
Config outputs pending
Thank you
08-07-2006 11:36 AM
Yes, by implementing ACLs that include only the subnet you want to NAT, with the other subnet on the deny statement.
Something like:
access-list 101 deny ip [nonat subnet]
access-list 101 permit ip [nat subnet]
ip nat inside source list 101 interface #### overload
08-07-2006 11:50 AM
Thank you for the quick response.
My follow-up question then becomes:
Is it possible to translate private IP to private IP?
For example:
192.168.3.0 NATed to 192.168.2.0
with an ACL filtering out those that are destination public and those that remain private destination to my phone server?
Also, does NAT have to be in place on both routers?
It seems to me that NAT really only needs to be on the "hub" router.
Forgive the simple questions, new to some of the gory details.
Thank you for the info
JH
08-07-2006 12:46 PM
Yes, you can translate from private to private but the IP has to be routable to the other end.
NAT does not need to be in place on both routers. The remote router needs to know about the translated network in order to route it back.
For instance, if you NAT to 192.168.2.0, you need to have a static or dynamic route pointing back to the originating router.
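The two answers above combined into one IOS configuration, added here as an illustration and not posted by any participant in the thread. Assumptions: the phones sit in 192.168.3.128/25, the point-to-point link is 10.0.0.0/30, and the interface names and the pool name DATA-POOL are hypothetical.

```cisco
! ---- Router doing the NAT (LAN 192.168.3.0/24 behind it) ----
interface FastEthernet0/0
 description LAN: data hosts and IP phones (assumed layout)
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
interface Serial0/0
 description Point-to-point link to the other router (assumed addressing)
 ip address 10.0.0.2 255.255.255.252
 ip nat outside
!
! ACL 101 only selects what gets translated; first match wins.
! In a NAT ACL, "deny" means "do not translate". The packet is still
! routed with its original source address, it is not dropped.
access-list 101 deny   ip 192.168.3.128 0.0.0.127 any
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
!
! Private-to-private: data hosts appear as 192.168.2.x on the far side.
ip nat pool DATA-POOL 192.168.2.1 192.168.2.254 netmask 255.255.255.0
ip nat inside source list 101 pool DATA-POOL overload
!
! ---- Router at the other end of the link (no NAT configured) ----
! It needs a route back for the translated range AND for the
! untranslated phone subnet, both pointing at the NAT router.
ip route 192.168.2.0 255.255.255.0 10.0.0.2
ip route 192.168.3.128 255.255.255.128 10.0.0.2
!
! ---- Checks on the NAT router ----
! show access-lists 101       (hit counters on the deny and permit lines)
! show ip nat translations    (phone addresses should never appear here)
```

If a phone address shows up in the translation table, the deny line is missing, too narrow, or placed after the permit.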
08-08-2006 05:07 AM
Just a tip:
The best device to use for these kinds of requirements is a PIX Firewall box, as it enhances the chances of having full control over the traffic pattern.
Regards,
Wilson Samuel
08-08-2006 03:58 PM
Thank you Wilson,
Would a PIX Firewall box be necessary on a stub network? The remote router has one connection out the Point to Point line to my main "hub" router. I was planning to use the security features in the software build I have and had not thought an additional piece of equipment would be necessary.
Also, this remote router will be handling a lot of VoIP traffic, and I have no information on the degradation of traffic or signal through an additional box.
Any information that you could provide would be great
Thank you both
JH