I have a situation whereby a device has no default gateway assigned, but now does need to communicate outside its subnet, as shown below.
My first thought was to add a NAT for the remote source to local host address on the same subnet.
I added the 2 NAT statements, did a packet capture on the device and confirmed that it saw communication coming from 192.168.100.3 and not 192.168.1.2. So far so good, except the device is not responding. My best guess at this point is either A.) it can't be done or B.) I just am not doing this right. Any tips would be appreciated.
Is there any way this can be done with NAT or any other solution besides proxy ARP? In my situation the device has a 24-bit mask which cannot be changed (if it could, then we could also assign a gateway). In a test with a laptop (to which I could make some changes), proxy ARP only worked by changing to a larger mask.
The question came up recently because we do encounter older industrial PLCs that were placed on site by previous businesses. As such, we do not have the ability to make changes ourselves to the PLC, only that the data can be read from it. In order to do so remotely across a VPN, we have to be able to find some way to work around the missing gateway. In our current situation this is resolved by placing another controller that polls the older unit directly, with the new unit able to fully communicate across the VPN.
On the 10.1.1.2 router you need to NAT all traffic so that the source always appears to be 192.168.100.x/24.
If you make the 192.168.100.1 interface the "ip nat outside" interface, and 10.1.1.2 the "ip nat inside" interface, you can do something like the below. This will allow 192.168.1.2 to access 192.168.100.2.
ip nat inside source list 105 interface <outside interface> overload
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
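A small model of the packet flow the answer above relies on, added here as an illustration and not part of the original posts: a host with no default gateway only replies to sources on its own subnet, so overloading the source onto 192.168.100.1 makes the reply deliverable and the router's translation table returns it to 192.168.1.2. The class and function names, the port numbers and the starting translation port are constructed assumptions.

```python
import ipaddress

ACL_105 = ipaddress.ip_network("192.168.1.0/24")        # access-list 105: 192.168.1.0 0.0.0.255
OUTSIDE_IP = ipaddress.ip_address("192.168.100.1")      # router interface on the device's subnet
DEVICE_IF = ipaddress.ip_interface("192.168.100.2/24")  # device: 24-bit mask, no gateway


class PatRouter:
    """Source NAT overloaded onto the outside interface address (hypothetical model)."""

    def __init__(self):
        self.table = {}        # outside port -> (original source ip, original source port)
        self.next_port = 1024  # constructed starting port

    def outbound(self, src, sport, dst, dport):
        if ipaddress.ip_address(src) not in ACL_105:
            return (src, sport, dst, dport)  # not matched by list 105: left untranslated
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src, sport)
        return (str(OUTSIDE_IP), port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        # Reply addressed to the outside interface: undo the translation.
        if ipaddress.ip_address(dst) == OUTSIDE_IP and dport in self.table:
            orig_ip, orig_port = self.table[dport]
            return (src, sport, orig_ip, orig_port)
        return None


def device_reply(packet):
    """Host with no default gateway: it can only answer on-link sources."""
    src, sport, dst, dport = packet
    if ipaddress.ip_address(src) not in DEVICE_IF.network:
        return None  # no route back to the source, so no reply is sent
    return (dst, dport, src, sport)


def round_trip(src, use_nat):
    """Return the reply as seen by the remote host, or None if none arrives."""
    router = PatRouter()
    pkt = (src, 40000, str(DEVICE_IF.ip), 502)  # constructed ports
    if use_nat:
        pkt = router.outbound(*pkt)
    reply = device_reply(pkt)
    if reply is None:
        return None
    return router.inbound(*reply) if use_nat else reply
```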