Solved: NAT question

leoingle · ‎01-19-2020

So as I study for the CCNA, I set up a Cisco router behind my Ubiquiti home router that is connected to my DSL modem. After I configured the interfaces and default route, I was able to get out to the Internet from the router, but I could not reach the Internet with systems I had connected to the Cisco router. I could reach both interfaces on the Cisco router but that is where it died. Couldn't reach even the LAN side of my Ubiquiti router. As soon as I set up NAT Overload on the Cisco router, the systems could get to the Internet perfectly. My question is why did I need to set NAT up on the Cisco router when the Ubiquiti router is already doing NAT?

Muhammad Awais Khan · ‎01-19-2020

The reason behind that there is no Route defined in your Ubiquiti Router for the systems and LAN interface used to connect the Systems

Thats the reason it worked with you when you did PAT on Cisco Router as Ubiquiti Router already know the Router directly connected IP and all the traffic from your systems has been translated to Router IP Address which is known by your Uniquiti.

If you want to achieve without PAT for testing, you need to add Route on Ubiquiti Router for the Systems behind your Router and point that Route to your Cisco Router interface which is connecting to your Ubiquiti.

View solution in original post

Muhammad Awais Khan · ‎01-19-2020

The reason behind that there is no Route defined in your Ubiquiti Router for the systems and LAN interface used to connect the Systems

Thats the reason it worked with you when you did PAT on Cisco Router as Ubiquiti Router already know the Router directly connected IP and all the traffic from your systems has been translated to Router IP Address which is known by your Uniquiti.

If you want to achieve without PAT for testing, you need to add Route on Ubiquiti Router for the Systems behind your Router and point that Route to your Cisco Router interface which is connecting to your Ubiquiti.

leoingle · ‎01-19-2020

ok, that makes total sense. I completely over looked that aspect of it. For some reason, I was thinking it still had a destination IP of the WAN side of the Cisco router, but that isnt the case at all.

Thanks.

Muhammad Awais Khan · ‎01-19-2020

I am glad to hear that it clarified your query! Good luck and happy networking :)

Georg Pauwen · ‎01-20-2020

Hello,

when your Cisco router is connected to the Ubiquiti without NAT/PAT, you can reach the Internet from the Cisco router because the source IP address the Cisco router uses by default is that of the outgoing interface (the interface connected to the Ubiquiti). The Cisco router at that point is just another end device that gets an IP address from the Ubiquiti. Anything connected on the other side of the Cisco router cannnot reach the Internet because the Ubiquiti does not know about that network, and hence does not translate (NAT) that network. So you can either do NAT on the Cisco router (this is what you did), or you can configure the Ubiquiti to do NAT for the network connected to the LAN side of the Cisco. The latter is the preferred method. When you configure NAT on the Cisco AND the Ubiquiti, it is called double NAT, and certain PnP applications, as well as port forwarding, might not work properly...