Solved: Bidirectional NAT on VLANS

kwojtyra · ‎03-17-2023

Hello, I have a problem, i must do bidirectional NAT between two VLAN. I have vlan 10 and vlan 20 address from vlan 10 for example 10.10.10.1 should nat to 10.10.20.1 (thats vlan 20) and from vlan 20, 10.10.20.1 to vlan 10, 10.10.10.1. The configuration is on Cisco 1101-4p router. I want to make it on one port with trunk enable.I have only few ip address to make NAT so i think it will be static NAT if i understand it correctly.

MHM Cisco World · ‎03-17-2023

No

ip nat inside source static 10.10.10.1 10.10.20.1 <<- this only

the VLAN for 10.10.10.x will be ip nat inside
the VLAN for 10.10.20.x will be ip nat outside

View solution in original post

MHM Cisco World · ‎03-17-2023

this is why the static NAT is bidirectional

View solution in original post

MHM Cisco World · ‎03-17-2023

Yes you are totally right,
you need bidirectional NAT and the only NAT that it Bidirectional is static NAT.

kwojtyra · ‎03-17-2023

So i must set on one interface for example gigabitethernet 0/1/0 switchport mode trunk, switchport trunk allowed vlan 10,20 then i make NAT witch command

ip nat inside source static 10.10.10.1 10.10.20.1

ip nat inside source static 10.10.20.1 10.10.10.1

Does it right?

MHM Cisco World · ‎03-17-2023

No

ip nat inside source static 10.10.10.1 10.10.20.1 <<- this only

the VLAN for 10.10.10.x will be ip nat inside
the VLAN for 10.10.20.x will be ip nat outside

kwojtyra · ‎03-17-2023

But if i do ony one command , how it will translate the other side?

MHM Cisco World · ‎03-17-2023

this is why the static NAT is bidirectional

kwojtyra · ‎03-20-2023

I made Router on a Stick to check it is working properly. I can ping from PC1 192.168.10.1 to PC2 192.168.20.1 and from PC 2 to PC1.

After command

ip nat inside source static 192.168.10.1 192.168.20.1

it does not translate it.

How to fix it?

MHM Cisco World · ‎03-20-2023

PC1 192.168.10.1 to PC2 192.168.20.1
since the .20.1 is use by PC2 you can not use anymore for NAT instead use

ip nat inside source static 192.168.10.1 192.168.20.10

from the 10.1 ping 20.1
from 20.1 ping 20.10

kwojtyra · ‎03-20-2023

Do i need set on subinterfaces vlan 10 ip nat inside and vlan 20 ip nat outside or that should work without any other command?

MHM Cisco World · ‎03-20-2023

Yes you need
vlan 10 ip nat inside
vlan 20 ip nat outside

kwojtyra · ‎03-20-2023

But does it translate vlan 10 -> vlan 20 ip address and from vlan 20 -> vlan 10 nat, it must translate for example 10.2 to 20.2 and from other side 20.2 to 10.2

kwojtyra · ‎03-22-2023

Ok, now I can ping from station to station. When I ping from PC1 to PC2 i have an anwser with nat IP address but from station 2 to station 1 i have received no transleted IP address.

balaji.bandi · ‎03-17-2023

Not sure why you like to do NAT RF1918 IP address and they are VLAN 10 and VLAN 20 ?

example here :

x.x.x.x external IP address - when the user connect to x.x.x.x - it will translate to internal ip y.y.y.y (this your internal Server) that what you doing NAT.

ip nat inside source static y.y.y.y x.x.x.x

Good referece and each understand :

https://www.practicalnetworking.net/series/nat/static-nat/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help