NAT for IP address migration

d-domjahn · ‎07-10-2012

hi there,

any idea how to solve this problem:

internet --- router -- PA-network -- asa --- intranet

our provider assigned PA address space (addresses from his range). I want to migrate to PI address space (our "own" public addresses) but keep the PA addresses for some weeks.

The PA address range is

Idea: use NAT on the router to translate each PA address to a PI address:

ip nat inside source static <existing PA host address> <new PI host address> extendable

to get something like this:

internet -- "Natted PI host address"-- router -- PA-host-addresses -- asa --- intranet

This workes, i. e., the PI host address is natted to the PA address by the router and a ping request from an internet host is answered.

But: contacting/pinging the PA-host address (which is used as the inside local address) doesn't work anymore (ping from external internet router displays "?????" which means "unknown packet type")

Any ideas?

Regards,

David

shijogeorge · ‎07-11-2012

I assume you are trying to ping PA address from an external router here and not from the router doing NAT.

If yes, that should be due to the fact that the ICMP reply message is also subject to NAT configured on router.

So the external router is receiving ICMP reply message with a source address of PI (due to NAT) whereas it's expecting a source IP of PA (to which it sent the Echo Request) .

HTH

Shijo George

DOMJAHN DAVID · ‎07-14-2012

Thanks a lot, Shijo!

Hm, I think I have to play with "ip nat inside destination" then...

HTH,

David