
Two ip nat outside interfaces and one ip nat inside interface?

sweller
Level 1

Hello all!

I ask in advance that you be patient with me; this is my first time posting and I haven't even held my CCNA for a year yet!

(Also, sorry if this goes in the wrong section; I can't find a NAT section.)

So here is my situation: one of our clients needs some NATing done because a vendor has requested that it be done. The hardware setup is as follows:

WS-C3750-48TS                   >            Cisco IAD2432-24FXS                       >        Cisco WS-C4006

(Switch managed by vendor)              (Router Managed by our MSP)                    (Switch managed by our MSP only one subnet)

Before this request was even made I had no control over the equipment, so the setup is kinda wacky, but essentially the vendor had requested that we NAT a block of our addresses to a block of their addresses. The previous administrator did this with static NATs. Now the vendor wants to add more NATs, but this time the addresses that they are giving us are not in the same subnet as the previous blocks they have given us.

So here are some IP/config details on the current setup:

Vendor networks 172.28.240.112/28 172.28.240.128/28

My Network 10.10.1.0/24

IAD2432 interfaces

fa0/0 10.10.1.7/24

fa0/1 172.28.240.126/28 directly connected to 172.28.240.113/28

IAD2432 routing table

Gateway of last resort is 10.10.1.8 to network 0.0.0.0

     172.28.0.0/28 is subnetted, 1 subnets
C       172.28.240.112 is directly connected, FastEthernet0/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.1.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [1/0] via 10.10.1.8
S    172.16.0.0/12 [1/0] via 172.28.240.113

I believe that the routing is fine, but I could be wrong. I believe the static route at the bottom

S 172.16.0.0/12 [1/0] via 172.28.240.113

takes care of the routing on my end. I could be wrong.

So the next block of addresses they gave me were in the 172.28.240.128/28 subnet, so I put in the NAT statements, figuring they would not work right away, but hey, maybe I'd get lucky. So here is what the NAT statements look like currently:

ip nat inside source static 10.10.1.30 172.28.240.115
ip nat inside source static 10.10.1.31 172.28.240.116
ip nat inside source static 10.10.1.35 172.28.240.117
ip nat inside source static 10.10.1.36 172.28.240.118
ip nat inside source static 10.10.1.44 172.28.240.119
ip nat inside source static 10.10.1.61 172.28.240.130
ip nat inside source static 10.10.1.62 172.28.240.131
ip nat inside source static 10.10.1.60 172.28.240.132
ip nat inside source static 10.10.1.64 172.28.240.133
ip nat inside source static 10.10.1.65 172.28.240.134
ip nat inside source static 10.10.1.66 172.28.240.135
ip nat inside source static 10.10.1.63 172.28.240.136

Addresses in the 172.28.240.112/28 subnet seem to work just fine, but the next subnet does not work at all. I assume that I need to add a sub-interface to get this working, so here is my proposed configuration:

fastethernet0/0
  10.10.1.7/24
  no shut
  ip nat inside

fastethernet0/1
  no ip address
  no shut

(I have tried using ip nat outside on this interface and not the subinterfaces, with the same result.)

fastethernet0/1.XX
  172.28.240.126/28
  no shut
  ip nat outside

fastethernet0/1/xx
  172.28.240.142/28
  no shut
  ip nat outside

However, I cannot get this to work in Boson NetSim or on my lab equipment at home. So if any suggestions could be made I would love you guys lol!

Thanks in advance for any help you can provide, I am more than happy to provide any additional details needed.

2 Replies

Jon Marshall
Hall of Fame

There are two ways of doing this and it depends on what the vendor has done as to which will work. 

The first and more common way is for the vendor to add a route to their equipment for the new subnet pointing to 172.28.240.126, i.e. your router. This way you do not need to do anything on your end other than add the static NAT configurations. This approach simply routes the new subnet to you.

The second way is if the vendor uses a secondary IP address from the new subnet on the interface with the existing 172.28.240.x IP at their end. Then you need to add a secondary IP from the new subnet on the interface with the 172.28.240.126 IP.

So as I say you first need to check with the vendor what they have done at their end.

Jon
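
The distinction drawn in the answer above, as an added example that is not part of the original thread: a short Python check that reads static NAT statements and reports which translated addresses sit inside a subnet configured on the outside interface and which do not. The interface address and NAT lines are copied from the question; the function names `parse_static_nat` and `classify` are hypothetical.

```python
import ipaddress
import re

# Values copied from the thread: the outside interface address and a
# few of the posted static NAT statements.
OUTSIDE_IF = "172.28.240.126/28"
NAT_CONFIG = """\
ip nat inside source static 10.10.1.30 172.28.240.115
ip nat inside source static 10.10.1.44 172.28.240.119
ip nat inside source static 10.10.1.61 172.28.240.130
ip nat inside source static 10.10.1.63 172.28.240.136
"""

NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)\s*$")


def parse_static_nat(config):
    """Return (inside_local, inside_global) pairs from static NAT lines."""
    pairs = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            pairs.append((ipaddress.ip_address(m.group(1)),
                          ipaddress.ip_address(m.group(2))))
    return pairs


def classify(config, outside_addrs):
    """Split NAT globals into on-link and off-link for the outside interface.

    outside_addrs: primary plus any secondary addresses, as "a.b.c.d/len".
    On-link globals are reachable by the neighbour through ARP on the shared
    subnet; off-link globals need either a route on the neighbour pointing at
    this router or a matching secondary subnet on both ends of the link.
    """
    nets = [ipaddress.ip_interface(a).network for a in outside_addrs]
    on_link, off_link = [], []
    for local, glob in parse_static_nat(config):
        target = on_link if any(glob in n for n in nets) else off_link
        target.append((str(local), str(glob)))
    return on_link, off_link


if __name__ == "__main__":
    on_link, off_link = classify(NAT_CONFIG, [OUTSIDE_IF])
    for local, glob in on_link:
        print(f"on-link   {glob} -> {local}")
    for local, glob in off_link:
        print(f"off-link  {glob} -> {local} (needs vendor route or secondary)")
```

Passing 172.28.240.142/28 (the second address in the proposed configuration) as an additional outside address moves the .130 and .136 entries to on-link, which models the secondary-address option.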

Jon,

Your quick response is definitely appreciated, thank you so much! I will contact the vendor and verify how they would like to accomplish this and play with the scenario in my lab and I will let you know what I find!
