Re: PAT Overload between internal networks

Mark Rigby · ‎05-27-2010

Greetings, i have an 871 ISR, the outside interface is configured with two sub interfaces and an internal LAN interfaces, now im trying to get the 172.16.1.0 network to talk to the 10.10.10.0 network which doesnt have a GW of it's own, as such i need to translate the 172.16.1.0 network to the IP address of the F4.75 interface 10.10.10.1

I though this would be simple in theory but its proving annoying.

F4.50 - Internet Facing

ip address 1.1.1.1 255.255.255.0

ip nat outside

F4.75 - Internal LAN

10.10.10.1 255.255.255.0

ip nat ?

The internal Vlan1 interface is attatched to a private network

VLAN1

ip address 172.16.1.0 255.255.255.0

ip nat inside

I can get to the internet fine using

ip nat inside source list 100 interface F4.50 overload

!

access-list 100 permit 172.16.1.0 0.0.0.255 any

However i cant PAT to the 10.10.10.0 network using the same method, ive tried setting the interface to OUTSIDE the doing the following but to no avail.

interface F4.75

ip nat outside

!

ip nat inside source list 101 interface F4.75 overload

!

access-list 101 permit 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255

Any recomendations are welcome

Ganesh Hariharan · ‎05-27-2010


Greetings, i have an 871 ISR, the outside interface is configured with two sub interfaces and an internal LAN interfaces, now im trying to get the 172.16.1.0 network to talk to the 10.10.10.0 network which doesnt have a GW of it's own, as such i need to translate the 172.16.1.0 network to the IP address of the F4.75 interface 10.10.10.1

I though this would be simple in theory but its proving annoying.

F4.50 - Internet Facing
ip address 1.1.1.1 255.255.255.0
ip nat outside

F4.75 - Internal LAN
10.10.10.1 255.255.255.0
ip nat ?

The internal Vlan1 interface is attatched to a private network

VLAN1
ip address 172.16.1.0 255.255.255.0
ip nat inside

I can get to the internet fine  using

ip nat inside  source list 100 interface F4.50 overload
!
access-list  100 permit 172.16.1.0 0.0.0.255 any

Hi,

Are you telling the sub interface are configured in outside interface but in the above config 10.10.10.X is int intenal segment and traffic 172.16.1.0 is alos coming from internal segment i suppose.

You can create mutliple internal subinterface and make use of pat in the baove config with making gateway as the sub interface ip of the router.

Hope to Help !!

Ganesh.H

Mark Rigby · ‎05-28-2010

Greetings, yes i have configured "ip nat outside" on the sub interfaces, this is the current configuration.

I want to PAT "overload" between the internal LAN 172.16.1.0 255.255.255.0 and a second internal LAN 10.10.10.0 . It is this way because the clients on the 10.10.10.0 network dont know of the other internal network 172.16.1.0 and dont know how to route to it as 10.10.10.1 isnt there default gateway, if i try to communicate with a host on the 10.10.10.0 network without NAT the source IP comes from the 172.16.1.0 network which they dont know how to get too hence PAT.

Unfortunatrley this config doesnt work, do i need to use route maps instead?

Regards

interface f4

no ip address

!

interface f4.50 - Internet Facing

encapsulation dot1q 50

ip address 1.1.1.1 255.255.255.0

ip nat outside

!

interface f4.75 - Internal LAN

encapsulation dot1q 75

10.10.10.1 255.255.255.0

ip nat outside

!

interface vlan1

ip address 172.16.1.1 255.255.255.0

ip nat inside

!

ip nat inside source list 100 interface f4.50 overload

ip nat inside source list 101 interface f4.75 overload

!

access-list 100 permit ip 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255

access-list 101 permit ip 172.16.1.0 0.0.0.255 any

Mark Rigby · ‎06-01-2010

Is this one for route-maps or isnt it possible to PAT between two RFC 1918 network ranges?

Regards

PAT Overload between internal networks

Umbrella: 内部ネットワーク (Internal Networks) について

Umbrella: Networks と Internal Networks の相違点について

NAT overload の設定例

[BGP] Comprendre la commande bgp redistribute-internal

IPv6 NAT64 - Dynamic Overload Mapping (PAT) Configuration Example