Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
376
Views
0
Helpful
1
Replies

Outside NAT

thomas.czerwinski
Level 1
Level 1

‎11-18-2005 03:42 PM - edited ‎03-03-2019 11:01 AM

I am in need of some router configuration help. I have 3030 concentrator that we use to connect to our customer sites via VPN. We have equipment at our customer locations that we support. We assign them an IP in the 172.20.x.x subnet to which we ask that they NAT on their end since the 3030 cannot perform this on our end. Some customer do this without any problems. Some are saying they will not perform the NAT. So, I need to add a router behind my 3030 and perform outside NAT. This is where I need help. My 3030 is something like this.

Public IP address

DMZ 10.10.10.0 This interface is where our servers are. this subnet is our customers remote network.

10.1.1.1 inside address.

I understand the concept. I'm just not sure of how to configure the router. Two ethernet interfaces? Which will be NAT inside? Which will be NAT outside. Also, I want to keep the customers who are willing to perform NAT on their end seperate from this. How will this effect the configuration? Any help MUCH appreciated.

Labels:
0 Helpful
1 Reply 1

Mikhail.Galiulin
Level 1
Level 1

‎11-21-2005 02:11 AM

I think that NAT Inside should be the interface from your side in this case, outside interface - interface from customers side.

Because you need to create access list to do NAT translation you can easy separate addresses which customers equipment translate itself from those which you have to translate yourself - just deny those IP addresses which customer translates itself and permit those which you have to translate in the access list.

Check these documents (as well as other about NAT on Cisco site) - there are a lot of examples there.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml

//Mikhail Galiulin

0 Helpful
Customers Also Viewed These Support Documents