Solved: where to place Simple static NAT

ken.adams · ‎10-26-2015

Good Morning,

First post, but i'm getting a bit confused on a relatively simple issue (I think)..

I have a requirement for a static NAT to access a camera on an internal subnet at a remote site (subnet is not routed to our head office). I am at head office and need to access the camera. I'm confused over where I need to place the NAT, as I go through multiple routers to get to the site.. my assumption is I place the static NAT on the router that connects to the destination subnet? R2 and R3 are at remote site, R1 is my local router to WAN.

so

ME -> R1 -(WAN tunnel)- R2 - R3 -> Camera

the 'ip nat enable' and 'ip nat source static .....' command goes on R3? using the interface that i'm coming in on (on R2-R3) subnet and IP address of camera in the statement?

R2 has a static route to the camera subnet and on R2, i can therefore ping the camera.. R1-R2 is the WAN portion and therefore R1 has no knowledge of camera subnet but after the NAT configuration is entered I should be able to use the interface on R3 (connecting to R2) to hit the camera?

thanks,

Ken

Jon Marshall · ‎10-26-2015

Ken

Yes apply it to R3 as long as R3's interface is reachable from your main site.

You don't want to do a one to one static using the interface IP of R3 though otherwise you will probably not have remote access to R3 so you want port forwarding or if there are spare IPs in the IP subnet connecting R2 to R3 you could use one of those and then do a one to one mapping.

So on R3's interface to R2 "ip nat outside" and R3's interface on camera subnet "ip nat inside".

Then for port forward -

"ip nat inside source static tcp <camera IP> <port num> interface <x/y> <port num>"

or like I say use one to one mapping with a spare IP.

Jon

View solution in original post

Jon Marshall · ‎10-26-2015

Ken