Cisco NAT

Discussion in 'Cisco' started by Simon Koh, Aug 7, 2004.

  1. Simon Koh

    Simon Koh Guest

    Hi,

    I have a challenge and am not able to resolve it, even after involving a 3rd
    party to look into it.

    --------------------- (LAN)
    |
    |
    Router 1720 E0:10.180.2.250
    |
    |
    E1:10.180.2.252
    Router 2620 (NAT)
    E0:10.90.28.254
    |
    |
    Router 827 (ISP) - E0 10.90.28.252
    |
    |
    Remote Sites

    It's more related to NAT (I believe) and I am resorting to asking around
    after many trials at my own pace.

    On my Router 1720, it does not recognize any 10.90.x.x traffic, which
    I still believe NAT at Router 2620 would resolve. Router 1720
    can only recognize anything from 10.180.x.x and 10.181.x.x.

    At this stage I am doing static NAT in my router to allow server traffic
    to be recognized by remote sites. Following are the statements in router
    2620.

    interface FastEthernet0/0
    ip address 10.90.28.254 255.255.255.0
    ip nat outside
    duplex auto
    speed auto
    no cdp enable
    !
    interface FastEthernet0/1
    ip address 10.180.2.252 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    no cdp enable
    !
    ip nat inside source list 1 interface FastEthernet0/0 overload
    ip nat inside source static 10.180.2.231 10.90.28.231
    ip nat inside source static 10.180.2.236 10.90.28.236
    ip nat inside source static 10.180.2.232 10.90.28.232
    ip nat inside source static 10.180.2.235 10.90.28.235
    ip nat inside source static 10.180.2.234 10.90.28.210
    ip nat inside source static 10.180.2.237 10.90.28.162
    ip nat inside source static 10.180.2.238 10.90.28.145
    ip nat inside source static 10.180.2.241 10.90.28.138
    ip nat inside source static 10.180.2.240 10.90.28.89
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.180.2.250
    ip route 10.90.29.0 255.255.255.0 10.90.28.252
    ip route 10.90.30.0 255.255.255.0 10.90.28.252
    ip route 10.90.31.0 255.255.255.0 10.90.28.252
    ip route 10.90.32.0 255.255.255.0 10.90.28.252
    ip route 10.90.33.0 255.255.255.0 10.90.28.252
    ip route 57.8.81.0 255.255.255.0 10.180.2.253
    ip http server
    !
    access-list 1 permit 10.180.2.0 0.0.0.255
    no cdp run

    I really wanted to make this as transparent as possible. Instead of static
    NAT to the server IPs, I would like to do workstation NAT; router 1720 is
    a managed router which would not allow any traffic from 10.90.x.x. E.g.
    10.90.29.x NAT to 10.181.1.x, so I could remove the server IP NAT in the
    router.

    Please enlighten. I appreciate any pointers.

    TIA.
    Simon
     
    Simon Koh, Aug 7, 2004
    #1
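
    The translations in the config posted above, modelled as an added example (not part of the original post or of any reply): it applies the posted "ip nat inside source" rules in both directions and checks the resulting source address against what the post says the 1720 recognizes. Reading "10.180.x.x and 10.181.x.x" as two /16 networks is an assumption, and the remote host 10.90.29.10 is a constructed sample.

```python
import ipaddress

# "ip nat inside source static" lines from the posted 2620 config
# (inside local -> inside global).
STATIC = {
    "10.180.2.231": "10.90.28.231", "10.180.2.236": "10.90.28.236",
    "10.180.2.232": "10.90.28.232", "10.180.2.235": "10.90.28.235",
    "10.180.2.234": "10.90.28.210", "10.180.2.237": "10.90.28.162",
    "10.180.2.238": "10.90.28.145", "10.180.2.241": "10.90.28.138",
    "10.180.2.240": "10.90.28.89",
}
REVERSE = {g: l for l, g in STATIC.items()}
ACL_1 = ipaddress.ip_network("10.180.2.0/24")  # access-list 1
OVERLOAD_ADDR = "10.90.28.254"                 # FastEthernet0/0 address
# Assumption: "10.180.x.x and 10.181.x.x" in the post read as two /16s.
ACCEPTED_BY_1720 = [ipaddress.ip_network(n)
                    for n in ("10.180.0.0/16", "10.181.0.0/16")]

def inside_to_outside(src, dst):
    """Packet entering Fa0/1 and leaving Fa0/0: only the source is rewritten."""
    if src in STATIC:                          # static entries match first
        return STATIC[src], dst
    if ipaddress.ip_address(src) in ACL_1:     # list 1 ... overload
        return OVERLOAD_ADDR, dst
    return src, dst

def outside_to_inside(src, dst):
    """Packet entering Fa0/0: only the destination is rewritten (static
    entries; replies to overloaded flows need per-flow state, not modelled)."""
    return src, REVERSE.get(dst, dst)

def accepted_by_1720(src):
    """True if the source falls in the ranges the post says the 1720 accepts."""
    return any(ipaddress.ip_address(src) in n for n in ACCEPTED_BY_1720)

def audit(remote_src, global_dst):
    """Translate an inbound packet and report whether the 1720 would accept it."""
    src, dst = outside_to_inside(remote_src, global_dst)
    return {"src": src, "dst": dst, "src_accepted_by_1720": accepted_by_1720(src)}

if __name__ == "__main__":
    print(inside_to_outside("10.180.2.234", "10.90.29.10"))  # static entry
    print(inside_to_outside("10.180.2.50", "10.90.29.10"))   # overload
    print(audit("10.90.29.10", "10.90.28.210"))  # constructed remote host
```

    Every rule in the posted config is an inside-source rule, so a packet from a remote site keeps its 10.90.x.x source after translation; presenting 10.90.29.x as 10.181.1.x would be a translation of the outside source, which none of the posted lines define.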

  2. Simon Koh

    PES Guest

    <SNIP>

    After reading over this several times, I have more questions than answers.
    Although your question is fairly specific (which is what I typically attempt
    to answer), I have many questions concerning the design and functionality
    goals as well as how the network came to this point.

    Although you have apparently had a consultant in there to assist with this,
    I would get another set of eyes on it again. They should start out by
    evaluating the original goal and what equipment you have administratively
    under your control. Given that as well as the small size of this network,
    they should be able to tell you how they would have achieved the goal on the
    spot. If the goal is unachievable based on the equipment that you have
    under your control it will be obvious to them. I would definitely recommend
    getting a good Cisco consultant in there to discuss the scenario in full. I
    strongly believe that two or three hours of consulting with the right person
    will be well worth the expense.
     
    PES, Aug 8, 2004
    #2

  3. Simon Koh

    Simon Koh Guest

    Hi,

    I certainly would like to design a proper network, but at this stage I have
    too many hands meddling with my network. Except for the 2620, all are managed
    routers which do not compromise one another, and I have resorted to doing NAT
    using the 2620.

    Please assist. I will work on a long-term strategy to ensure such red tape
    is removed at my next overhaul.

    Thanks,
    Simon

    "PES" <NO*SPAMpestewartREMOVE**SUCKS> wrote in message
    news:41156af8$...
    > <SNIP>
    >
    > After reading over this several times, I have more questions than answers.
    > Although your question is fairly specific (which is what I typically attempt
    > to answer), I have many questions concerning the design and functionality
    > goals as well as how the network came to this point.
    >
    > Although you have apparently had a consultant in there to assist with this,
    > I would get another set of eyes on it again. They should start out by
    > evaluating the original goal and what equipment you have administratively
    > under your control. Given that as well as the small size of this network,
    > they should be able to tell you how they would have achieved the goal on the
    > spot. If the goal is unachievable based on the equipment that you have
    > under your control it will be obvious to them. I would definitely recommend
    > getting a good Cisco consultant in there to discuss the scenario in full. I
    > strongly believe that two or three hours of consulting with the right person
    > will be well worth the expense.
     
    Simon Koh, Aug 10, 2004
    #3