cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
382
Views
0
Helpful
5
Replies
Highlighted
Beginner

resolved - NAT issue between my 2 sites

Hello all,

I need your help today because of NAT with i'm not really familiar.

As you can see on the schema bellow, I have a site A and a site B linked with a VPN, site A is in 10.213.128.0/24 and site B in 10.212.186.0/24.

Both network are routed and everything works for ages.

On an other floor of the site B, we bought a society and we want to run some tests before integrate them to our network, that's the reason of the NAT.

I want to go through our B site network to reach the B' site network from our A site using NAT configuration. At this moment I don't have any access to B' network.

On the B site I have a 1721 cisco router with one WAN port with a VPN to site A, and one LAN port where I created 2 virtual interfaces :

int fast 0/1.1int fast 0/1.2

desc to_site_B'

encapsulation dot1q 1 native

ip address 10.0.1.254 255.255.255.0

desc to_site_B

encapsulation dot1q 2

ip address 10.212.186.254 255.255.255.0

On my switch on B site the port 1 is trunked for the vlan 1 and 2.

All other ports are on access mode vlan 2, except port 24 on access mode vlan 1 to reach the B' site.

With this configuration I'm able to ping every devices on B' site from my router on B site.

Here is the hard part, the NAT.

For exemple I have a free IP address 10.212.186.70 which I want to NAT to the IP 10.0.1.2 to be able to connect to the B' site switch from my site A.

Whether I put "ip nat outside" on the Fa0/0 and "ip nat inside" on the Fa0/1.1 or the inverse, and "ip nat inside source static 10.0.1.2 10.212.186.70"

I never can telnet the switch.

The command "sh ip nat translations" always shows half of the table filled in, depends of the interface where the "ip nat inside/outside" is put.

Do I have to use the command "ip nat pool A_to_B_NAT_Pool x.x.x.x x.x.x.x prefix-length " ?

On the different tutorial I read only "ip nat inside/outside" and "ip nat inside source static...." is needed.

Some time the ping succeed, but I think it is fake because with the same configuration if I NAT a free IP address 10.0.1.x the ping also works.

NAT schema.jpg

If you can bring me any help to understand this NAT configuration this could be great.

thx

5 REPLIES 5
Highlighted

ok i first i tell you what i get, you want telnet 10.1.0.2 from site A ,i thing i am right.

i want know something

first

is this switch layer three .

second did you configure ip default address on switch

on which port you configure nat inside and nat outside of router

Highlighted

ok then

in this case 

no ip nat inside source static 10.0.1.2 10.212.186.70

this comment is for inside to outside nat

the comment is

ip nat source static 10.0.1.2 10.212.186.70

Highlighted

hello,

first thanks for your answer.

My switch are all layer 2.

yes I want to telnet the device 10.0.1.2 from site A.

At this time, Fa0/0 is inside nat and Fa0/1.1 is outside nat.

I will try your comment.

Highlighted

or you have to configure a acl on router

conf t

ip access-list standard 1

10 permit 10.1.0.2

Highlighted

I finally resolve my issue.

It seems that the Cisco router 1841 with the IOS C1841-ADVIPSERVICESK9-M when it receive a packet, first route it and then do the NAT.

As I wanted to NAT IP address from VLAN 1 with IP address from my VLAN 2 (which I know from my site A), the router was lost.

I find that because the "sh ip nat translations" never show any translations.

So I route a new subnet to site B which is not used there, and I NAT my IP address from VLAN 1 with this subnet.

By doing this, the router is no more lost, because it do not do any routing before nating.

Hope I was clear.

Thx for your help.