NAT: which interfaces to use on 870 series routers ?

Discussion in 'Cisco' started by JF Mezei, Oct 14, 2010.

  1. JF Mezei

    JF Mezei Guest

    A while back, I posted about a problem of 2 wi-fi devices unable to talk
    to each other and wi-fi unable to reach a particular host on the wired
    lan, and that those were sporadic problems.

    I *think* am an narrowing down the problem to NAT. I put a NAT timeout
    of 1 hour instead of the default 24 hours. I suspect that Bittorrent
    usage tended to load the NAT tables quite a bit. This seems to have
    alleviated the problem, but not fixed it.

    So now, i am looking at a sanity check for my setup which works, but
    which may not be "right".

    In the NAT section:

    ip nat translation timeout 3600
    ip nat pool natpool1 10.0.0.0 10.0.255.255 netmask 255.255.0.0
    ip nat inside source list 23 interface Dialer1 overload
    ip nat inside source static tcp 10.0.0.20 23 interface Dialer1 23
    ip nat inside source static tcp 10.0.0.21 25 interface Dialer1 25
    ip nat inside source static tcp 10.0.0.22 80 interface Dialer1 80
    etc

    QESTION: Since there is only one external IP address that gets directed
    to a couple of hosts on the LAN depending on port, do I need the
    ip nat pool statement ?

    I originally put it in there because various examples on the net had
    such a statement there. From what I read, the "overload" is what really
    specifies I want PAT.

    ------------------------------------


    interface Dialer1
    description PPPoE to Modem
    ip address negotiated
    ip access-group ACLinbound in
    ip access-group ACLoutbound out
    ip mtu 1492
    ip nat outside
    etc


    interface BVI10
    ip address 10.0.0.1 255.255.0.0
    ip nat inside
    ip virtual-reassembly

    QUESTION: Since the BVI10 interface also ties in the wi-fi interface, is
    this the right interface to which one applies the "ip nat inside"
    statement ?

    When a Wi-Fi device sends packets to a LAN device, it passes through the
    BVI10 device. Would the IP NAT INSIDE interfere with this bridging
    function ? Or is the BVI device smart enough to ignore routing functions
    when the source and destination IPs are in the same subnet ?

    is it the ip-nat-inside and ip-nat-outside which create the link between
    the dialer1 and the BVI10 devices ?


    My internal lan is in the 10.0/16 subnet for both the wi-fi and wired
    LAN. (there are a couple of other subnets but they don't matter in this
    case)
     
    JF Mezei, Oct 14, 2010
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Voitec
    Replies:
    2
    Views:
    493
    Voitec
    Mar 20, 2005
  2. 870 series

    , May 31, 2005, in forum: Cisco
    Replies:
    7
    Views:
    448
  3. Lionel Fourquaux

    802.11i for Cisco 870 routers

    Lionel Fourquaux, Dec 26, 2005, in forum: Cisco
    Replies:
    2
    Views:
    1,885
    Lionel Fourquaux
    Dec 29, 2005
  4. AM
    Replies:
    0
    Views:
    339
  5. AM
    Replies:
    0
    Views:
    442
Loading...

Share This Page