Showing results for 
Search instead for 
Did you mean: 

Using NAT to access device without gateway


I have a situation whereby a device has no default gateway assigned, but now does need to communicate outside its subnet as shown below

My first thought was to add a NAT for the remote source to local host address on the same subnet.

I added the 2 NAT statements, did a packet capture on the device and confirmed that it saw communication coming from and not So far so good, except the device is not responding. My best guess at this point is either A.) it can't be done or B.) I just am not doing this right. Any tips would be appreciated.

5 Replies 5

Philip D'Ath

To make this work make sure proxy arp is enabled on the device.  You only need NAT if you want to hide the IP addresses - otherwise remove NAT from the configuration.

Any way this can be done with NAT or any other solution besides proxy arp? In my situation the device has a 24 bit mask to which can not be changed (if it could, then we could also assign a gw). In a test with a laptop (which I could make some changes), proxy arp only worked by changing to a larger mask. 

Why can't have it's default gateway set to  Even with a tiny /30 mask these would be in the same subnet.

Yes, it could be done with a hellishly complicated NAT configuration.

You could NAT the server into the space, and then NAT this again into the space, and the two hosts would talk to each other using addresses.

The question came up recently because we do encounter older industrial PLCs that were placed on site by previous businesses. As such we do not have the ability to make changes ourselves to the PLC, only that the data can be read from it. In order to do so remotely across a VPN, we have to be able find someway to work around the missing gateway. In our current situation this is resolved by placing another controller that polls the older unit directly, with the new unit able to fully communicate across VPN.

On the router you need to NAT all traffic so that the source always appears to be 192.168.100.x/24.

If you make the interface the "ip nat outside" interface, and the "ip nat inside" interface, you can do something like the below.  This will allow to access

ip nat inside source list 105 interface <outside interface> overload
access-list 105 permit ip any
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers