I have a server that I need to move to another network whose IP address I can't change. For example, the server is on the 192.168.0.0/24 network with an IP of 192.168.0.100 and I need to move it to the 192.168.10.0/24 network. Each network has a gateway IP address of 192.168.x.1 and the routing is handled by a pair of Cisco 2951 routers.
Looking over the example Cisco configs, I see one using NAT that would allow clients to access a moved server at its old IP address. This of course depends on you being able to change the IP address of the server, so I guess what I'm looking for is something in reverse.
Is this something that can be accomplished by NAT or is there another technology that can be used?
I am not sure about your network environment but it is possible with One-2-One Mapping.
This link may help.
But again, if you need help then please share the network diagrams.
What's the reasoning for needing to move this server over to another subnet if you cannot change its current IP address?
Does the server have multiple network cards? If so, the simplest solution, depending on what type of services it's running, would be to attach that second NIC to the new subnet and have the server accessible on both subnets.
Another possible option would be to VLAN translate between your server VLAN and this new VLAN.
@Deepak Kumar Thanks for the suggestion, I'll look into testing a one-to-one NAT configuration. I've also posted a simplified network diagram of my current setup. If you'd like to see the router configs just let me know, though they're very basic with nothing more than a vLAN on the interfaces facing the WAN. Hope this clears things up a bit!
@paul driver The IP address of the server can't be changed due to a very old piece of software that's running on it. I've spoken to the vendor at some length regarding this issue, but as they no longer support or even sell this software anymore, there isn't anything that can be done. It's a very bad situation to be in and this is part of the process that would allow me to move away from using it. If it's possible to simply install another network card and have the server connected to both networks simultaneously, then I'd much rather do that. Is this something that can be accomplished over a WAN connection?
Thanks again for the help guys, it's MUCH appreciated. Here's the diagram of the network:
I can understand that this is an old server/software. But one more quick question: is there any feasibility for a loopback interface configuration on the server?
@Deepak Kumar Yep, I have full control over the server but I'd much rather accomplish this using the network. However I'm certainly open to all suggestions and would consider giving anything a shot at this point. What did you have in mind?
After seeing my diagram, is this something that can be accomplished with one-to-one NAT?
You may have a few options available to you, but it depends on what accessibility you want for this server.
We now know its original IP cannot be changed, but would this be for local access only? Maybe I have missed this in your OP. But why does it need to be moved over to a new subnet?
Is the server being physically relocated so it cannot be on the same subnet? If so, then yes, NAT would be possible to do; you just need to create an L3 subnet in the other location and NAT on that subnet for external WAN access.
@paul driver The server is being physically moved to a new building and there's no way to keep it at the old location.
When you say "external WAN access" are you referring to the internet? The server doesn't need to be accessible from the internet, but it does need to be reachable from other sites on the WAN. In this case, the WAN is a simple layer 2 metro Ethernet connection provided by a local ISP. I have full control over the equipment connected to the WAN, so if you think there's a solution there I can certainly give it a shot.
Thanks again for the help!
1) Create an L2/L3 VLAN for that server at the new site.
2) Static PAT (domainless NAT). This will allow local site users to connect to the server via their own local subnet address to the server's natted address.
Also, it will enable your WAN users (in this case other sites) to access the server via the same natted address.
This all depends on whether you have a router to perform NAT.
Can the original poster tell us whether the network 192.168.0.0 is going away as the server is moved? Or is the server moving to the new location but the original location will continue to operate with subnet 192.168.0.0?
It seems to me that one solution would be to configure a static NAT on the router identified as 192.168.10.1. This might be what some refer to as a one-to-one translation. For example, the static NAT might translate 192.168.10.100 to 192.168.0.100. Users in the network would send packets to 192.168.10.100 and the router would translate them and send them to the server as 192.168.0.100.
One difficulty in this solution is how would the router communicate with the server? The router would need to arp for the server. But routers and other devices should arp only for things that are locally connected. The solution to this could be to configure a secondary address on the router (perhaps ip address 192.168.0.1 255.255.255.0 secondary). This would enable the router to arp and communicate with the server. If the original network 192.168.0.0 is going away then my suggestion works with no complications. If the original network will continue then we have an issue about how devices in the 192.168.10.0 network will communicate with devices in the original 192.168.0.0.
@Richard Burts Unfortunately the original network (192.168.0.0) is not going away and users will still need to access services on both the old and new (192.168.10.0) networks. I also don't have the option of changing that network either, as there are too many third-party devices that I have no configuration control over residing on that network.
With that in mind, is there any way to overcome the issue of devices in the 192.168.10.0 network accessing devices in the 192.168.0.0 network?
I do not believe that we can completely eliminate the issue but we can certainly minimize the impact. In my suggestion I had the secondary address with a /24 mask. This was for simplicity and for consistency (assuming that most of your network uses /24 subnets). But we can certainly use a different mask for the secondary address. The smaller we make the subnet of the secondary address, the less impact. You need two addresses, one for the server and one for the router. So perhaps you could make the secondary address with a /30 mask. If the server really is at 192.168.0.100 then a /30 mask does not work, since 192.168.0.100 is a subnet address and not a host address for a /30 subnet. So you might need a /29 mask.
For example you might use ip address 192.168.0.99 255.255.255.248 secondary on the router interface. This would enable forwarding to the server at 192.168.0.100 and would minimize the impact of accessing the rest of 192.168.0.0 from this router. It would have the impact that devices from 192.168.0.96 through 192.168.0.103 would not be accessible from this router. How significant would this be?
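The /30-versus-/29 reasoning in the last two replies can be checked mechanically. The following is an added example, not code from any participant in the thread; the function names `smallest_secondary_subnet` and `secondary_plan` are hypothetical, and the addresses are the ones used in the discussion.

```python
import ipaddress

def smallest_secondary_subnet(server, longest=30, shortest=24):
    """Longest-prefix subnet in which `server` is a usable host address."""
    addr = ipaddress.ip_address(server)
    for prefix in range(longest, shortest - 1, -1):
        net = ipaddress.ip_network(f"{server}/{prefix}", strict=False)
        # A host may not sit on the subnet (network) or broadcast address.
        if addr not in (net.network_address, net.broadcast_address):
            return net
    raise ValueError(f"no usable subnet for {server}")

def secondary_plan(server, router=None):
    """Work out the router's secondary address and the range it shadows."""
    net = smallest_secondary_subnet(server)
    addr = ipaddress.ip_address(server)
    free = [h for h in net.hosts() if h != addr]
    # Default to the first free host address if no router address is given.
    router_addr = ipaddress.ip_address(router) if router else free[0]
    if router_addr not in free:
        raise ValueError(f"{router_addr} is not a free host address in {net}")
    return {
        "subnet": str(net),
        "ios_line": f"ip address {router_addr} {net.netmask} secondary",
        # Addresses the router now treats as directly connected, so it no
        # longer routes them toward the original 192.168.0.0 network.
        "shadowed": (str(net.network_address), str(net.broadcast_address)),
    }

if __name__ == "__main__":
    plan = secondary_plan("192.168.0.100", router="192.168.0.99")
    print(plan["subnet"])
    print(plan["ios_line"])
    print("not reachable in the original network: %s through %s" % plan["shadowed"])
```

Running it for a server one address higher (192.168.0.101) shows that a /30 would suffice there, which is why the mask has to be derived from the server's actual address.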