Solved: I needed to apply just one

ftn000001 · ‎06-01-2016

I am trying to make two embedded systems on two unconnected networks to talk to each other using a 1921 Cisco router.

Machine A: 10.200.64.1 should think it communicates with 10.200.64.104
Machine B: 192.168.0.186 should think it communicates with 192.168.0.51

Configuration snippets:

interface GigabitEthernet0/0
 ip address 10.200.64.104 255.255.254.0
 ip nat outside
 no ip virtual-reassembly in

interface GigabitEthernet0/1
 ip address 192.168.0.51 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in


ip nat inside source static 192.168.0.186 10.200.64.104
ip nat outside source static 10.200.64.1 192.168.0.51

I was hoping to get this to work without configuring routes/gateways on the two embedded systems. This almost seem to work: when I send an UPD packet form 10.200.64.1 to 10.200.64.104, machine B, at 192.168.0.186 receives it with SA 192.168.0.51. However, the other way back is not working. When I send a packet from 192.168.0.186 to 192.168.0.51, I get a reply "Destination unreachable (Port unreachable)".

Would you have any suggestions for me to get the return path working? Or am I just trying to do something impossible?

Philip D'Ath · ‎06-01-2016

Since you are using 1:1 NAT don't make the NAT IP address the same as what is configured on the router interfaces.

Change the IP address on both the router interfaces (but keep them in the same subnet) and it should work.

View solution in original post

Philip D'Ath · ‎06-01-2016

Since you are using 1:1 NAT don't make the NAT IP address the same as what is configured on the router interfaces.

Change the IP address on both the router interfaces (but keep them in the same subnet) and it should work.

ftn000001 · ‎06-02-2016

Thank you for the suggestion. Unfortunately, the results are the same as while using the IP address of the router itself

These are the new NAT rules:

ip nat inside source static 192.168.0.186 10.200.64.103
ip nat outside source static 10.200.64.1 192.168.0.50

Also with these settings, I am able to send an UDP packet form 10.200.64.1 to 10.200.64.103 , which is received by 192.168.0.186 with SA 192.168.0.50.
In the other way round, when I send an UDP packet from 192.168.0.186 to 192.168.0.50, I still get the reply "Destination unreachable (Port unreachable)".

Of what I have found, for example on this thread, I have to setup a route on the Cisco router. Currently I haven't set up any route. However, I haven't been able to figure out how to configure the route for my purpose.

ftn000001 · ‎06-02-2016

I needed to apply just one more change. It stroke me that the bevaviour from outside to inside was different from the inside to outside behavior. So I removed the inside and outside definitions of the two interfaces and configured them with "ip nat enable" instead.

Now it's working as intended

Machine A: 10.200.64.1 thinks it communicates with 10.200.64.103
Machine B: 192.168.0.186 thinks it communicates with 192.168.0.50

These are the NAT rules:

ip nat inside source static 192.168.0.186 10.200.64.103
ip nat outside source static 10.200.64.1 192.168.0.50

interface GigabitEthernet0/0
 ip address 10.200.64.104 255.255.254.0
 ip nat enable

interface GigabitEthernet0/1
 ip address 192.168.0.51 255.255.255.0
 ip nat enable

David_Che · ‎06-01-2016

Does "IP Proxy-ARP " accomplish your goal rather than twice NAT? I am curious really.

ftn000001 · ‎06-02-2016

Thank you for the suggestion. Of what I understand from the documentation, it would only be applicable if both machine are on a close subnet.

For the two IP ranges that I have got, I would have to configure one of the machines to use subnet mask 0.0.0.0, which is also not really desired.

Source and Distination NAT issue