cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1824
Views
0
Helpful
9
Replies

NAT through 2 routers

AvidPontoon1
Level 1
Level 1

I have this simple topology

 

ISP CONNECTION

|

|

ISR ROUTER

(Lan: 10.11.11.254/24 - g0/0)

|

|

(Wan: 10.11.11.25/24 - fa0/1)

ROUTER 1

(Lan: 192.168.254.254/24 - fa0/0)

|

|

(Wan: 192.168.254.5/24 - fa0/1)

ROUTER 2

(Lan: 10.1.1.253/24 - fa0/0)

 

My workstation is on the LAN side of router 2 with the ip address 10.1.1.51/24. The link between Router 1 and router 2 is a point to point kit that allows the network to communicate over to an outer building. These ptp access points have ip addresses on the 192.168.254.0/24 network. I would like go be able to access the Web interface of the ptp access points from the lan of router 2. How would I configure NAT on router 1 and router 2 to allow me to access these Web interfaces? We cannot do any configuration changes on ISR ROUTER as it is managed by our ISP. 

 

Please could someone help with the NAT configs so I can get access to the network between ISR and Router 1 from Router 2 LAN and then still be able to access the Internet from the ISR router? 

9 Replies 9

Dennis Mink
VIP Alumni
VIP Alumni

on router two, I would pick an IP address 10.1.1.x/24 range that is not used, for instance 10.1.1.253 and NAT that into 192.168.254.254 .

Please remember to rate useful posts, by clicking on the stars below.


@Dennis Mink wrote:

on router two, I would pick an IP address 10.1.1.x/24 range that is not used, for instance 10.1.1.253 and NAT that into 192.168.254.254 .


Hi Dennis. I was more looking for some commands. And the ip address 10.1.1.253 is being used. I don't understand wat you mean? 

Zanthra
Level 1
Level 1

Are the PTP access points on the same LAN as the link between Router 1 and Router 2 (they have IP addresses on the same subnet)? If so than no special configuration should be required on Router 2 to get access to them from the LAN behind router 2, and Router 1 won't be involved in routing at all.


@Zanthra wrote:

Are the PTP access points on the same LAN as the link between Router 1 and Router 2 (they have IP addresses on the same subnet)? If so than no special configuration should be required on Router 2 to get access to them from the LAN behind router 2, and Router 1 won't be involved in routing at all.


The ptp links are between the ISR router and Router 1. They have the ip address of 192.168.254.3 and 192.168.254.7. My computer will sit behind Router 2 with the ip 10.1.1.51.

 

Do I just issue the 'ip nat inside' or 'ip nat outside' commands? Or do I have to specify an access list?

Something does not seem right.

 

Where is the 192.168.254.0/24 network used? Are there two separate Level 2 networks with the same IP network used on them? You say the link between Router 1 and Router 2 is 192.168.254.0/24, and the network between the ISR and Router 1 is 10.11.11.0/24.

 

If the PTP devices are between the ISR and Router 1 but on the 192.168.254.0/24 network, there is either more to the network, or an error somewhere.


@Zanthra wrote:

Something does not seem right.

 

Where is the 192.168.254.0/24 network used? Are there two separate Level 2 networks with the same IP network used on them? You say the link between Router 1 and Router 2 is 192.168.254.0/24, and the network between the ISR and Router 1 is 10.11.11.0/24.

 

If the PTP devices are between the ISR and Router 1 but on the 192.168.254.0/24 network, there is either more to the network, or an error somewhere.


The 192.168.254.0/24 network is only between Router 1 and Router 2. This is just a random subnet as all the network does is get a link across to router 2. This is because we are only allowed one DHCP/Static address from the ISR router. To combat this I decided to put Router 1 in. Otherwise we would have been using two IP's and this would not be allowed.

 

Does that make sense?

If the 192.168.254.0/24 network is only between Router 1 and Router 2, how did the PTP links get IP addresses in it? What layer 2 network are they on? If they were between the ISR and Router 1 it would suggest they are sharing Layer 2 with the 10.11.11.0/24 network which would be a very confusing setup, and likely to make the NAT communication you want impossible.


@Zanthra wrote:

If the 192.168.254.0/24 network is only between Router 1 and Router 2, how did the PTP links get IP addresses in it? What layer 2 network are they on?


Router 1 has dhcp running on it and so gives each PTP an ip address. They use Router 1 as the Default Gateway (192.168.254.254)

If that's the case, then they must be on the LAN side of Router 1, and that puts them between Router 1 and Router 2, and makes things easier. 

 

This document explains it better than I can, although you only have the one inside interface of 10.1.1.253 and the one outside interface of 192.168.254.5 and your ACL needs to cover all hosts on Router 2's LAN.

 

Configuring NAT to Allow Internal Users to Access the Internet Using Overloading

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html#topic5

 

PS: The IP addresses I mentioned are for Router 2's configuration. If Router 1 does not have NAT configured yet either, you will have to repeat the configuration on Router 1 with Router 1's inside and outside facing addresses.

Review Cisco Networking for a $25 gift card