Rookie question: NAT all internal networks to one IP address when accessing the WAN subnet

Silver_NZ
Level 1

Hi everyone,

Currently studying CCNA. I'm attempting to NAT any machine on an internal interface to an IP address on the WAN interface:

  1. Fast 0/1: 172.25.0.1/24
  2. Fast 0/0: 172.26.0.1/24
  3. Eth 1/0.18: 172.26.18.1/24
  4. Eth 1/0.19: 172.26.19.1/24

There are machines which connect via Fast 0/0 and both Eth 1/0 sub-interfaces.

Fast 0/1 connects to the internet via 172.25.0.254/24. I'd like to NAT everything from the internal interfaces (2, 3, 4) to 172.25.0.2 when they attempt to access the internet. I do not want them to NAT when they access other machines on the networks (which are locally connected to this router (2621XM)).

The issue at the moment is that the internet router doesn't have a route back for the networks it doesn't have entries for. While writing routes back does fix the problem, I'd like to try it this way too (as a learning exercise).

Does that make sense?

TIA!

Accepted Solution

Jon Marshall
Hall of Fame

Yes it does make sense.

1) on fa0/1 you need to add -

ip nat outside

2) on the other interfaces  -

ip nat inside

3) create your acl - 

access-list 101 permit ip 172.26.0.0 0.0.0.255 any

access-list 101 permit ip 172.26.18.0 0.0.0.255 any

access-list 101 permit ip 172.26.19.0 0.0.0.255 any

4) then add a NAT pool -

ip nat pool <name> 172.25.0.2 172.25.0.2 netmask 255.255.255.252

5) add a NAT statement to tie it all together -

ip nat inside source list 101 pool <name> overload

The above should allow you to ping between the subnets and only translate the IPs to the pool IP if you are routed to the outside interface.

Note if you find that you cannot ping between subnets then you can modify the acl above to deny traffic between subnets before the permit statements.

However you shouldn't need to do this.

Jon
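An added illustration, not part of Jon's reply or of any Cisco software: a small Python model of the decision the router makes under the configuration above. The interface addresses, the default route via 172.25.0.254, ACL 101 and the single-address pool come from this thread; the wildcard matching, the longest-prefix lookup and the port allocation used to stand in for `overload` are simplified assumptions made here. It shows why traffic between the 172.26.x.0/24 subnets is left alone: `ip nat inside source` only acts on a packet that enters an `ip nat inside` interface and is routed out an `ip nat outside` interface, so for locally routed traffic the ACL is never consulted at all.

```python
import ipaddress

# Constructed model of the 2621XM in the thread. Addresses, roles and ACL 101
# follow the posted configuration; the destination 203.0.113.10 used below is
# a TEST-NET address standing in for "a host on the internet".
INTERFACES = {
    "Fa0/1":     ("172.25.0.1/24",  "outside"),   # ip nat outside
    "Fa0/0":     ("172.26.0.1/24",  "inside"),    # ip nat inside
    "Eth1/0.18": ("172.26.18.1/24", "inside"),
    "Eth1/0.19": ("172.26.19.1/24", "inside"),
}
DEFAULT_ROUTE = ("0.0.0.0/0", "Fa0/1")   # next hop 172.25.0.254
POOL_IP = "172.25.0.2"                    # one-address pool, used with 'overload'

# access-list 101 as (action, network, wildcard) entries, in order
ACL_101 = [
    ("permit", "172.26.0.0",  "0.0.0.255"),
    ("permit", "172.26.18.0", "0.0.0.255"),
    ("permit", "172.26.19.0", "0.0.0.255"),
]


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ n) & ~w & 0xFFFFFFFF) == 0


def acl_permits(acl, src: str) -> bool:
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(src, network, wildcard):
            return action == "permit"
    return False


def egress_interface(dst: str) -> str:
    """Longest-prefix match over the connected routes, else the default route."""
    d = ipaddress.IPv4Address(dst)
    best = None  # (interface name, prefix length)
    for name, (cidr, _role) in INTERFACES.items():
        net = ipaddress.IPv4Network(cidr, strict=False)
        if d in net and (best is None or net.prefixlen > best[1]):
            best = (name, net.prefixlen)
    return best[0] if best else DEFAULT_ROUTE[1]


class NatTable:
    """Inside-local -> inside-global bindings for a PAT ('overload') pool."""

    def __init__(self, pool_ip: str, first_port: int = 1024):
        self.pool_ip = pool_ip
        self.next_port = first_port
        self.bindings = {}  # (inside ip, inside port) -> global port (assumed allocator)

    def translate(self, src: str, sport: int, dst: str, in_if: str):
        """Return (source ip, source port, egress interface) as the packet leaves."""
        out_if = egress_interface(dst)
        in_role = INTERFACES[in_if][1]
        out_role = INTERFACES[out_if][1]
        # 'ip nat inside source' applies only to inside -> outside flows, so
        # traffic routed between two inside subnets never reaches the ACL.
        if in_role != "inside" or out_role != "outside":
            return src, sport, out_if
        if not acl_permits(ACL_101, src):
            return src, sport, out_if
        key = (src, sport)
        if key not in self.bindings:
            self.bindings[key] = self.next_port
            self.next_port += 1
        return self.pool_ip, self.bindings[key], out_if


if __name__ == "__main__":
    nat = NatTable(POOL_IP)
    flows = [
        ("172.26.0.10", 40000, "203.0.113.10", "Fa0/0"),      # to the internet
        ("172.26.0.10", 40000, "172.26.19.5",  "Fa0/0"),      # to another subnet
        ("172.26.18.7", 40000, "203.0.113.10", "Eth1/0.18"),  # second inside host
    ]
    for src, sport, dst, in_if in flows:
        print(f"{src}:{sport} -> {dst} via {in_if}  =>  {nat.translate(src, sport, dst, in_if)}")
```

Running the block prints the three constructed flows; the first and third leave Fa0/1 as 172.25.0.2 with distinct ports, while the second is forwarded out Eth1/0.19 untouched, which is exactly the behaviour the reply describes.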

Silver_NZ
Level 1

That worked perfectly, thank you!
