10-24-2008 12:18 PM - edited 03-06-2019 02:08 AM
First off. Fe0/1 is "ip nat outside", Fe0/0 is "ip nat inside" and Se0/1 isn't a nat interface on R1. On R2; I have Se0/1 which isn't a nat interface, Fe0/0 which is "ip nat inside" and Fe0/1 which is "ip nat outside".
My ISP has given me some IP addresses that are pointed at 11.11.11.11 and I normally just go through the motions of nat'ing them to Fe0/0. I have a situation where I need one of the IP addresses that my ISP has pointed to 11.11.11.11 to go to the 192.168.2.0/24 network. I have to put a webserver there. I can't figure this out. Any ideas?
10-24-2008 12:28 PM
Steven
I'm a little bit confused. Lets say the IP address supplied by ISP is 195.177.10.10
ip nat inside source static 195.177.10.10 192.168.2.7
where 192.168.2.7 is the web server.
On the s0/1 interface on R1
int s0/1
ip nat inside
Jon
10-24-2008 01:10 PM
I don't want to NAT on that interface, do I? What effect will that have on the routing between the two sites? I don't want NAT between the LAN's of both sites. Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?
10-24-2008 01:24 PM
"Meaning... if I hit a box on the 192.168.1.0/24 network from 192.168.2.15 I want the source IP address to be 192.168.2.15. Does that make sense?"
Yes makes sense and it won't NAT or put it another way it will only NAT what you tell it to NAT. By putting "ip nat inside" under the s0/1 interface this does not mean all traffic coming in on that interface will be natted.
What will get natted is 192.168.2.7 but even that would only get natted if it goes out through the fa0/1 interface because that has an "ip nat outside" statement under the interface.
Jon
10-24-2008 01:45 PM
Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?
I don't understand the purpose of the "ip nat outside/inside" statements applied to interfaces. I was always just told I needed them to translate a "public" IP to a "private" IP. Can you point me to something that will clarify what happens when those are applied to interfaces? Thanks Jon.
10-24-2008 01:54 PM
"Ok. What about s0/1 on R2? Since fa0/0 on R2 is "ip nat inside" does it need to be "ip nat outside"?"
No because you don't need to NAT the packet twice. If you do the NAT on R1 then you can just leave the packet alone on R2 and just route it.
"I was always just told I needed them to translate a "public" IP to a "private" IP."
They do but it is important to realise that just by putting these statements under interfaces does not mean traffic will be natted. You need to either then add further config to your router eg.
On router R1
dynamic nat
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/1 overload
This would NAT all 192.168.1.0/24 source addresses to 11.11.11.11 id the traffic was going out of the fa0/1 interface. It would dynamically NAT it because all 192.168.1.x addresses are hidden behind the 11.11.11.11 address.
or you can use static NAT - see my previous post for an example.
Also have a look at this doc on NAT and if you have further questions then come back.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide