
NAT over WAN

cISCOJester
Level 1

In a general question, is it possible to have a remote LAN connected by a Point-to-Point where only half or some of the LAN's IP addresses are translated and the others are sent without translation?

This question arises from the need to have my IP phones' addresses NOT translated or translated into the correct subnet of the Nortel phone server.

Please provide any information.

Config outputs pending

Thank you


Edison Ortiz
Hall of Fame

Yes, by implementing ACLs that include only the subnet you want to NAT, with the other subnet on the deny statement.

Something like:

access-list 101 deny ip [nonat subnet]

access-list 101 permit ip [nat subnet]

ip nat inside source list 101 interface #### overload

Thank you for the quick response.

My follow-up question then becomes:

Is it possible to translate private IP to private IP?

For example:

192.168.3.0 NATed to 192.168.2.0

with an ACL filtering out those that are destination public and those that remain private destination to my phone server?

Also, does NAT have to be in place on both routers?

It seems to me that NAT really only needs to be on the "hub" router.

Forgive the simple questions, new to some of the gory details.

Thank you for the info

JH

Yes, you can translate from private to private, but the IP has to be routable to the other end.

NAT does not need to be in place on both routers. The remote router needs to know about the translated network in order to route it back.

For instance, if you NAT to 192.168.2.0, you need to have a static or dynamic route pointing back to the originating router.

Wilson Samuel
Level 7

Just a tip:

The best device to use for these kinds of requirements is a PIX Firewall box, as it enhances the chances of having full control over the traffic pattern.

Regards,

Wilson Samuel

Thank you Wilson,

Would a PIX Firewall box be necessary on a stub network? The remote router has one connection out the Point-to-Point line to my main "hub" router. I was planning to use the security features in the software build I have and had not thought an additional piece of equipment would be necessary.

Also, this remote router will be handling a lot of VoIP traffic, and I have no information on the degradation of traffic or signal through an additional box.

Any information that you could provide would be great

Thank you both

JH
