01-02-2008 09:48 AM - edited 03-05-2019 08:14 PM
I am trying to have users outside the network print to my internal printers. They can get to 10.234.8.x addresses on my end. I want to make 4 of those 10.234.8.x addresses hit 192.168.4.x addresses on my lan. I have added this command. Will this work?
ip nat inside source static 192.168.4.253 10.234.8.103
ip nat inside source static 192.168.4.246 10.234.8.102
ip nat inside source static 192.168.4.252 10.234.8.101
ip nat inside source static 192.168.4.251 10.234.8.100
01-02-2008 09:50 AM
Hi
yes that should work provided you have applied
ip nat inside
&
ip nat outside
to the relevant interfaces.
Jon
01-03-2008 08:57 AM
I have the following on the interfaces. e0/1 connects to outside router. Let me know if that looks right.
interface Ethernet0/0
ip address 10.234.8.1 255.255.255.0 secondary
ip address 192.168.15.248 255.255.255.0 secondary
ip address 204.154.17.20 255.255.255.0 secondary
ip address 192.168.4.145 255.255.0.0
no ip directed-broadcast
ip nat inside
interface Ethernet0/1
ip address 10.78.25.9 255.255.255.0
no ip directed-broadcast
ip nat outside
01-05-2008 12:49 PM
hi Vanduard,
according to your requirement u need users from subnet to use resources from different subnet and tow subnets at the same Ethernet interface u have to move one of both to the other interface and use ip nat outside with interface that has resources subnet.
Regards,
W.Amer
01-05-2008 12:58 PM
Yeah, it cannot be done that way. You want to NAT two devices that are connected to the same broadcast domain, and it can't be done. I'd honestly be surprised if it didn't just work fine with proxy-arp (which is evil, don't use it).
A couple of subinterfaces and some VLANs would fix you right up.
NS
01-06-2008 10:59 AM
e0/0 and e0/1 have differnet ip addresses and connect to differnet switches. One to my lan, one to another network via dedicated circuit. Even though the ip addresses are different and they connect to different switches, they are still in the same broadcast domain? Trying to think of a way to make this work. The only router I can configure in this scenario is the one listed. e0/0 and e0/1
01-06-2008 09:38 PM
vanguard
if you want to make nat between computers that have the same physical gateway but in different subnets, configure 802.1q trunk between your switch and the physical interface of the router.
here is the example:
for the router : http://www.hassairi.50megs.com/#trunkport
for the switch: http://www.hassairi.50megs.com/sw.html#trunk
but you will need to:
-have router supporting for 802.1q
-configure vlans in your switch
then apply ip nat inside/outside under the subinterfaces.
01-07-2008 06:51 PM
I understand a little bit better what you want to do, but I need to see your whole config.
You can't do static destination NAT, which is the translation of the destination address moving from outside to inside. You would have to configure several nat pools on the outside, and you would need that ip address to live on the outside of the device, not on the inside. Somewhat complicated.
It can't do just passthrough NAT - it needs the packets to actually be destined to an address on the NAT box, and that address has to be on the outside. Does that make sense?
NS
01-08-2008 11:42 AM
Here is the config. e0/1 connects to another router going offsite via dedicated circuit. That router has an address of 10.78.25.9, hence all the static routes pointing there. Remote sites recognize us as using the 10.234.8.x addresses. I want to allow them to hit a 10 address, but have that 10 address point to a 192.168.x.x ip on my local lan. What do you think?
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname test
!
!
ip subnet-zero
clock timezone est 6
!
!
!
interface Ethernet0/0
ip address 204.x.x.20 255.255.255.0 secondary
ip address 192.168.4.145 255.255.255.0 secondary
ip address 10.234.8.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet0/1
ip address 10.78.25.9 255.255.255.0
no ip directed-broadcast
ip nat outside
!
router igrp 1
redistribute connected
network 10.0.0.0
network 192.168.4.0
network 204.x.17.0
!
ip nat inside source static 192.168.4.253 10.234.8.103
ip nat inside source static 192.168.4.246 10.234.8.102
ip nat inside source static 192.168.4.252 10.234.8.101
ip nat inside source static 192.168.4.251 10.234.8.100
ip classless
ip route 10.1.204.49 255.255.255.255 10.78.25.1
ip route 10.5.2.2 255.255.255.255 10.78.25.1
ip route 10.9.2.12 255.255.255.255 10.78.25.1
ip route 10.16.2.0 255.255.255.0 10.78.25.1
ip route 10.16.23.0 255.255.255.0 10.78.25.1
ip route 10.16.101.46 255.255.255.255 10.78.25.1
ip route 10.16.101.60 255.255.255.255 10.78.25.1
ip route 10.16.101.64 255.255.255.255 10.78.25.1
ip route 10.74.0.0 255.255.0.0 10.78.25.1
ip route 10.74.2.2 255.255.255.255 10.78.25.1
ip route 10.74.2.14 255.255.255.255 10.78.25.1
ip route 10.74.2.30 255.255.255.255 10.78.25.1
ip route 200.200.200.65 255.255.255.255 10.78.25.1
ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
01-12-2008 11:13 PM
ok, now i understand the question. it should works, i tried it in my lab and it works!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide