Solved: Is 1:1 NAT the right solution to my problem?

SimonSauer5881 · ‎11-12-2020

Hello!
I'm currently facing a problem with multiple duplicate IP-address ranges.
These ranges have clients with identical IP-addresses.

Heres a sketch of my network:

The clients need to communicate with eachother.

To do that I thought 1:1 NAT could be a possible solution without adding any other network component.
My understanding of 1:1 NAT is that it takes the IP-address range of e.g. PC1 and translates it to a virtual IP range.

The clients would then be reachable thru the virtual IP address.

Would this soultion work or are there any issues involved in this?

Of course I then would upgrade to a layer 3 switch that actually has the 1:1 NAT functionality.

Georg Pauwen · ‎11-12-2020

Hello,

NAT would indeed work, but you need more than one layer 3 device (switch or router). The reason is that if every PC is in the same subnet, you need a NAT inside interface in that same subnet as well. A layer 3 device will only allow one interface per range.

View solution in original post

Georg Pauwen · ‎11-12-2020

Hello,

NAT would indeed work, but you need more than one layer 3 device (switch or router). The reason is that if every PC is in the same subnet, you need a NAT inside interface in that same subnet as well. A layer 3 device will only allow one interface per range.

SimonSauer5881 · ‎11-12-2020

Thanks for the answer Georg!

So I basically need one layer 3 device on every subnet that I want to NAT?

I found this example from the documentation of IE3300 Rugged Series switch:

So I guess there is no way to only use one layer 3 device to let the clients communicate with each other, am I right?

Georg Pauwen · ‎11-12-2020

Hello,

exactly. What it comes down to is that any layer 3 device will give you an error message and not allow you to put an IP address from the same subnet on two local interfaces. The example you posted has two switches as well, one for each inside/outside.