I need your help today with NAT, which I'm not really familiar with.
As you can see on the schema below, I have a site A and a site B linked with a VPN; site A is in 10.213.128.0/24 and site B in 10.212.186.0/24.
Both networks are routed and everything has worked for ages.
On another floor of site B, we bought a company and we want to run some tests before integrating them into our network; that's the reason for the NAT.
I want to go through our site B network to reach the B' site network from our site A using a NAT configuration. At the moment I don't have any access to the B' network.
On site B I have a Cisco 1721 router with one WAN port with a VPN to site A, and one LAN port where I created 2 virtual interfaces:
int fast 0/1.1
 encapsulation dot1q 1 native
 ip address 10.0.1.254 255.255.255.0
int fast 0/1.2
 encapsulation dot1q 2
 ip address 10.212.186.254 255.255.255.0
On my switch at site B, port 1 is trunked for VLANs 1 and 2.
All other ports are in access mode on VLAN 2, except port 24, which is in access mode on VLAN 1 to reach the B' site.
With this configuration I'm able to ping every device on the B' site from my router at site B.
Here is the hard part, the NAT.
For example, I have a free IP address 10.212.186.70 which I want to NAT to the IP 10.0.1.2, to be able to connect to the B' site switch from my site A.
Whether I put "ip nat outside" on Fa0/0 and "ip nat inside" on Fa0/1.1 or the inverse, and "ip nat inside source static 10.0.1.2 10.212.186.70", I can never telnet to the switch.
The command "sh ip nat translations" always shows half of the table filled in, depending on the interface where the "ip nat inside/outside" is put.
Do I have to use the command "ip nat pool A_to_B_NAT_Pool x.x.x.x x.x.x.x prefix-length " ?
In the different tutorials I read, only "ip nat inside/outside" and "ip nat inside source static...." are needed.
Sometimes the ping succeeds, but I think it is fake, because with the same configuration, if I NAT a free IP address 10.0.1.x, the ping also works.
If you can bring me any help to understand this NAT configuration, that would be great.
OK, first I'll tell you what I understand: you want to telnet to 10.1.0.2 from site A; I think I am right.
I want to know a few things.
First, is this switch layer 3?
Second, did you configure an IP default address on the switch?
On which ports of the router did you configure NAT inside and NAT outside?
In this case:
no ip nat inside source static 10.0.1.2 10.212.186.70
This command is for inside-to-outside NAT.
The command is:
ip nat source static 10.0.1.2 10.212.186.70
First, thanks for your answer.
My switches are all layer 2.
Yes, I want to telnet to the device 10.0.1.2 from site A.
At this time, Fa0/0 is inside nat and Fa0/1.1 is outside nat.
I will try your command.
I finally resolved my issue.
It seems that the Cisco 1841 router with the IOS C1841-ADVIPSERVICESK9-M, when it receives a packet, first routes it and then does the NAT.
As I wanted to NAT IP addresses from VLAN 1 with IP addresses from my VLAN 2 (which I know from my site A), the router was lost.
I found that out because "sh ip nat translations" never showed any translations.
So I routed a new subnet to site B which is not used there, and I NAT my IP addresses from VLAN 1 with this subnet.
By doing this, the router is no longer lost, because it does not do any routing before NATing.
Hope I was clear.
Thx for your help.
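A sketch of the fix described in the last post, as an added example that is not the poster's actual configuration. It assumes 192.0.2.0/24 as a constructed placeholder for the unused subnet routed to site B, takes the B' side (Fa0/1.1) as NAT inside and the VPN-facing port as NAT outside, and uses a hypothetical ACL name:

```cisco
! Added example. 192.0.2.0/24 is a constructed placeholder for the
! "new subnet which is not used" at site B; VPN-TO-SITE-A is a
! hypothetical name for the VPN's interesting-traffic ACL.
!
interface FastEthernet0/0
 description WAN / VPN to site A
 ip nat outside
!
interface FastEthernet0/1.1
 description VLAN 1, toward B'
 encapsulation dot1Q 1 native
 ip address 10.0.1.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.2
 description VLAN 2, site B LAN (no NAT role)
 encapsulation dot1Q 2
 ip address 10.212.186.254 255.255.255.0
!
! One-to-one mapping: the B' switch 10.0.1.2 is presented to site A
! as 192.0.2.2. The translated address belongs to no connected
! subnet, so it cannot collide with hosts on Fa0/1.2.
ip nat inside source static 10.0.1.2 192.0.2.2
!
! Replies from B' are translated to 192.0.2.2 before the crypto check,
! so the VPN ACL has to match the translated subnet, not 10.0.1.0/24.
ip access-list extended VPN-TO-SITE-A
 permit ip 192.0.2.0 0.0.0.255 10.213.128.0 0.0.0.255
!
! Verification from exec mode:
!   show ip nat translations
!     A static entry is always listed with only the inside columns
!     filled; a complete entry with outside addresses appears only
!     while traffic is actually being translated.
!   show ip nat statistics
!     The hit counter increases when packets match the mapping.
```

Site A needs a route (and the mirrored VPN ACL entry) for the placeholder subnet, and the layer 2 switch at B' needs 10.0.1.254 as its default gateway so that replies return through the router. Only the hosts given a static entry become reachable from site A, which keeps exposure of the not-yet-integrated network to what the tests require.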