Hi Richard, thanks for your response. I've finally got around to doing this so hopefully it will work without major glitches. Unfortunately, it's something to do with their core routers but I've never seen this before. Regardless, this is what I have so far:

Cisco 800 has LAN address of 10.88.24.1 /24

• interface GigabitEthernet0/0
  description Internet
  ip address 10.88.24.2 255.255.255.0
  no ip redirects
  no ip proxy-arp
  ip nat outside
  ip virtual-reassembly in
  shutdown
  duplex auto
  speed auto
  no cdp enable
  !
  interface GigabitEthernet0/1
  description LAN Segment
  ip address 62.14.44.108 255.255.255.0 secondary
  no ip redirects
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly in
  shutdown
  duplex auto
  speed auto
  no cdp enable

ip nat pool BOATCLUB 10.88.24.20 10.88.24.254 netmask 255.255.255.0
ip nat inside source list 1 pool BOATCLUB
ip nat inside source static 62.14.44.47 10.88.24.15
ip route 172.18.0.0 255.255.0.0 62.14.44.254

How does that look to you?

There are several things in this to address:

- both interfaces are currently shutdown. That means they will not transmit or receive anything. You need to no shutdown on both interfaces.

- Gi0/1 has a secondary address but no primary address. Do you intend to have two IP addresses associated with this interface?

- the IP address assigned to Gi0/1 is a public IP address. It is not clear why you have a public IP here. Since you will be doing address translation I would have expected a private address.

- you have a pretty large pool of addresses for translation and they are in the subnet used by the ISP. Is this intentional? Does the ISP expect to receive traffic from that many addresses in this subnet?

HTH

Rick

Thanks for coming back

- I've put them in shutdown state for now, will enable them tomorrow morning

- That's a typo, GE-0/0 does not have a secondary address

This is the information I have received regarding the public IP, let's assume the 62 range is correct...

Proxy-server performs NAT for 172.18.0.0/24 network. This private network translates to real IP  62.14.44.32

So, the local network is 62.14.44.0 /24. The Cisco 1900 sees this network through Interface Gi0/1, which has an IP address from this it 62.14.44.0 /24 network

So does that mean I should be Natting the 172.18.0.0 /24 range?

I am glad that you are aware of the shutdown state and that it is intentional. I can only comment on what I see in the config since I have no information about your environment or about your plans.

I understand that the IP address is really primary and not secondary. I am still not understanding what is the intention for the LAN connected to Gi0/1. Are the devices connected in the LAN to be in network 172.18.0.0/24 and then to be translated to 62.148.14.32? Or are the connected devices in network 62.148.14.0? And if so then where is 172.18.0.0?

HTH

Rick

No worries, I do appreciate your feedback.

Yes you are right. The actual LAN is 172.18.0.0 /24 but is Natted by the local proxy to 62.148.14.0 /24

All PC's connected to Gi-0/1 will require Internet access via the Cisco 800's LAN (10.48.124.0 /24) hence the Natting on the Cisco 1900

Hopefully that makes sense :)

Thanks for the clarification. If the actual LAN is 172.18.0.0/24 then I would expect that the interface IP on the 1900 would be an address in that subnet. You would then configure the 1900 to NAT those addresses to the 62.148.14.0.

HTH

Rick

Thanks Richard, 

I'm having a problem at the moment in that I'm not learning routes for 10.88.24.0 /24 

Would I need to add a route on the Cisco 1900 directing all traffic to Cisco 800 (10.88.24.1)?

Here are my current routes:

C 10.88.24.0/24 is directly connected, GigabitEthernet0/0
L 10.88.24.2/32 is directly connected, GigabitEthernet0/0
L 10.88.24.12/32 is directly connected, GigabitEthernet0/0
62.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 62.148.14.0/24 is directly connected, GigabitEthernet0/1
L 62.148.14.208/32 is directly connected, GigabitEthernet0/1
S 172.18.0.0/16 [1/0] via 62.148.14.254

I am not clear what you are saying here. You say that you are not learning routes for 10.88.24.0. But the route table that you show clearly has an entry for 10.88.24.0. Is there an issue about 10.88.24.0?

You certainly do need a default route on the 1900 with the IP of the 800 as the next hop.

HTH

Rick

Hi Richard, thanks for that. I have a similar scenario again whereby the Cisco 800 is unable to do NAT. Do you think this would do the trick?

Cisco 800 interface: 10.88.20.2

interface GigabitEthernet0/0
description WAN
ip address 10.88.20.1 255.255.255.0
no ip redirects
no ip proxy-arp
duplex auto
speed auto
no cdp enable

!

interface GigabitEthernet0/1
ip address 172.16.24.133 255.255.255.252 secondary
ip address 192.168.28.1 255.255.252.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto

!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool BOWLA 10.88.20.60 10.88.20.200 netmask 255.255.255.0
ip nat inside source list 10 pool BOWLA
ip nat inside source static 192.168.188.12 10.88.20.11
ip nat inside source static 192.168.188.13 10.88.20.12
ip route 0.0.0.0 0.0.0.0 10.88.20.2
ip route 10.58.104.0 255.255.255.0 10.88.20.50
ip route 192.168.188.0 255.255.252.0 GigabitEthernet0/0 10.88.20.50

You need to add ip nat outside to interface Gig0/0

HTH

Rick