cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2029
Views
0
Helpful
15
Replies

NAT to allow multiple users access to another subnet

kenneth-goh
Level 1
Level 1

I need to use NAT on R1 to allow users from 192.168.26.0/24 access to 172.16.26.0/24.

Can NAT be done to translate users from 192.168.26.0/24 to 172.16.26.0/24 via R1 loopback interface ip 3.3.3.3 or any other alternative? Thanks in advance.

NAT issue.png

 

15 Replies 15

Hi

If the NAT will be done on R1 and it will applied for the entire /24 network you could use static NAT generating other subnet (but not sure if are not able to create static routes or networks) 

 

You could have:

 

R1

 

int lo 26

ip address 10.16.26.1 255.255.255.0

 

ip nat inside source static network 172.16.26.0 10.16.26.0 mask /24

 

R2

ip  route 10.16.26.0 255.255.255.0 2.2.2.2

 

If you enable a debug on R1 (debug ip nat) you will see that the private network will match with the NAT network, for example:

 

If you make a ping from the computer with IP 172.16.26.50 to any destination on R2, the used NAT IP will be: 10.16.26.50.

 

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

As shown below, there is no option 'network' option after ip nat inside source list

R1(config)#ip nat inside source list ?
  <1-2699>  Access list number for local addresses
  WORD      Access list name for local addresses

 

The source needs to be from 192.168.26.1 on R2 to any hosts in 172.16.26.0/24 (in this case R4 & R5)

 

Hi

Apologies, it is: ip nat inside source static network x.x.x.x y.y.y.y /24




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

I would like source hosts in 192.158.26.0/24 to ping to 3.3.3.3 & 172.16.26.0/24 addressee will reply to the ping. Can the configuration achieve that?

*Mar  1 00:13:37.775: NAT*: s=192.168.26.100, d=3.3.3.3->172.16.26.0 [59111]

The traffic is not reaching the actual destination (172.16.26.4) when I ping to 3.3.3.3

 

ip nat inside source static network 172.16.26.0 3.3.3.3 /32

 

R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 3.3.3.3            172.16.26.0        ---                ---

 

R1#sh ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet1/0
Inside interfaces:
  FastEthernet0/0
Hits: 23  Misses: 1
CEF Translated packets: 8, CEF Punted packets: 0
Expired translations: 6
Dynamic mappings:
Appl doors: 0
Normal doors: 0
Queued Packets: 0

 

 

Hi

Yes, the configuration will achieve that It is part of routing, you must add a static routes or default route in R1 pointing as next hop R2's IP address. About IP 3.3.3.3, the packets from R3 will not pass through the outside NAT interface because it is locally configured on R1. Between R3 and R1 should be communication through static routes or dynamic routing protocols, Im going to provide you the configuration to apply. 

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Let me know what is missing? These routes below allows R1 to ping to both R2 and R3

R1 routes

ip route 172.16.26.0 255.255.255.0 1.1.1.2
ip route 192.168.26.0 255.255.255.0 2.2.2.1

 

R2 routes

ip route 0.0.0.0 0.0.0.0 2.2.2.2

 

R3 routes

ip route 0.0.0.0 0.0.0.0 1.1.1.1

R1#debug ip nat
IP NAT debugging is on

*Mar 1 00:10:13.039: NAT*: s=192.168.26.100, d=3.3.3.3->172.16.26.0 [18118]
*Mar 1 00:10:14.963: NAT*: s=192.168.26.100, d=3.3.3.3->172.16.26.0 [18118]
*Mar 1 00:11:15.331: NAT: expiring 3.3.3.3 (172.16.26.0) tcp 23 (23)

 

When 192.168.26.100 ping/ telnet to 3.3.3.3, 172.16.26.4 is not replying.

Correct me if I am wrong, 172.16.26.0 appears to be a host instead of network 172.16.26.0/24?

R1(config)#ip nat inside source static network 172.16.26.0 ? <-- There is no option for subnet mask
  A.B.C.D  Inside global network

 

Hi

The command is:

ip nat inside source static network 172.16.26.0 10.16.26.0 /24  (mask is just a representation)

So you will translate the network 172.16.26.0 to 10.16.26.0 they will have the same subnet mask. It will useful when you want to ping an specific IP from R2.

 

For example: if you want to ping the IP 172.16.26.55 from R2 you will execute 10.16.26.55. It can be visible executing a debug ip nat on R1




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

R1#sh run | in ip route
ip route 172.16.26.0 255.255.255.0 1.1.1.2
ip route 192.168.26.0 255.255.255.0 2.2.2.1

R2#sh run | in ip route
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 3.3.3.3 255.255.255.255 2.2.2.2

R3#sh run | in ip route
ip route 0.0.0.0 0.0.0.0 1.1.1.1

 

ip nat inside source static network 172.16.26.0 192.168.26.0 /24

R2#ping 3.3.3.3 source 192.168.26.1 <-- ping to 3.3.3.3 fails

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.26.1
.....

R1#debug ip nat

*Mar  1 00:06:23.323: NAT: s=3.3.3.3, d=192.168.26.1->172.16.26.1 [19]

 

Destination 172.16.26.4 (R4) is not responding when R2 ping 3.3.3.3 on R1.

Hi

Do you have the entry into the routing table for the IP or subnet 192.168.26.x on R1? could you please share the R1's show ip route output?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, FastEthernet1/0
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
     172.16.0.0/24 is subnetted, 1 subnets
S       172.16.26.0 [1/0] via 1.1.1.2
S    192.168.26.0/24 [1/0] via 2.2.2.1
R1#

R2 ping to 3.3.3.3 source 192.168.26.1 works when NAT is remove.

ip nat inside source static network 172.16.26.0 192.168.26.0 /24

There are routes for R1 to ping to 192.168.26.1 and 172.16.26.4

Hello,

 

on a side note, and assuming that this is a lab, what routing IS allowed or already in place on R1 ?

Review Cisco Networking for a $25 gift card