Network nat

Discussion in 'Cisco' started by Taff, Dec 5, 2004.

  1. Taff

    Taff Guest

    Howdy,
    Can nat only be performed on connected networks or is there a way of natting
    a source lan address of an inbound packet on another network coming in from
    a serial interface (unfortunately the nat on the other network cannot be
    natted on their local network).

    I'd also like to change the destination address as well.

    Could some give me some examples please.

    Cheers.,
    Taff.
    Taff, Dec 5, 2004
    #1
    1. Advertising

  2. Taff

    Toby Guest

    "Taff" <> wrote in message
    news:9qLsd.13784$...
    > Howdy,
    > Can nat only be performed on connected networks or is there a way of
    > natting
    > a source lan address of an inbound packet on another network coming in
    > from
    > a serial interface (unfortunately the nat on the other network cannot be
    > natted on their local network).
    >
    > I'd also like to change the destination address as well.
    >
    > Could some give me some examples please.
    >
    > Cheers.,
    > Taff.
    >
    >

    You have full control over NAT and can allow any source address/protocol you
    wish to be granted access via access lists or route-maps. It comes down to
    the command

    ip nat inside source .................. statement in global config.

    Toby
    Toby, Dec 5, 2004
    #2
    1. Advertising

  3. Taff

    John Smith Guest

    or "ip nat outside source...."
    assuming nat will take place on an ios router...

    "Toby" <> wrote in message
    news:6xLsd.1089$...
    >
    > "Taff" <> wrote in message
    > news:9qLsd.13784$...
    >> Howdy,
    >> Can nat only be performed on connected networks or is there a way of
    >> natting
    >> a source lan address of an inbound packet on another network coming in
    >> from
    >> a serial interface (unfortunately the nat on the other network cannot be
    >> natted on their local network).
    >>
    >> I'd also like to change the destination address as well.
    >>
    >> Could some give me some examples please.
    >>
    >> Cheers.,
    >> Taff.
    >>
    >>

    > You have full control over NAT and can allow any source address/protocol
    > you wish to be granted access via access lists or route-maps. It comes
    > down to the command
    >
    > ip nat inside source .................. statement in global config.
    >
    > Toby
    >
    >
    John Smith, Dec 5, 2004
    #3
  4. Taff

    Taff Guest

    How does this apply to the following:

    Company X needs to talk to a server on Company Y lan. Company X has a frame
    connection to Company Y using 192.168.10.0 addressing.
    Company Y has another subnet on their Lan the same as Company X -
    192.168.1.0

    How do I change the source address of Company X Lan client addresses so the
    server at Company Y can reply to the different subnet. I cannot make any
    changes on the Company X router so all changes need to be done from the
    Company Y router.

    Company X Lan address - 192.168.1.0
    Company X frame router address - 192.168.10.1

    Company Y Lan address - 192.168.100.0
    Company Y frame address - 192.168.10.2
    Server - 192.168.100.100

    Company X router:

    Int faste0/0
    ip address 192.168.1.1/24

    int serial0
    ip address 192.168.10.1/24

    Ip route 0.0.0.0 .0.0.0.0 192.168.10.2




    Company Y router: (also has dialer interface and natting for internet)

    Int faste 0/0
    ip address 192.168.100.1/24
    ip nat inside

    Int serial 0
    ip address 192.168.10.2/24
    ip nat ?

    Int dialer0
    ip nat outside

    Any help with this config would be much appreciated.




    "Toby" <> wrote in message
    news:6xLsd.1089$...
    >
    > "Taff" <> wrote in message
    > news:9qLsd.13784$...
    > > Howdy,
    > > Can nat only be performed on connected networks or is there a way of
    > > natting
    > > a source lan address of an inbound packet on another network coming in
    > > from
    > > a serial interface (unfortunately the nat on the other network cannot be
    > > natted on their local network).
    > >
    > > I'd also like to change the destination address as well.
    > >
    > > Could some give me some examples please.
    > >
    > > Cheers.,
    > > Taff.
    > >
    > >

    > You have full control over NAT and can allow any source address/protocol

    you
    > wish to be granted access via access lists or route-maps. It comes down to
    > the command
    >
    > ip nat inside source .................. statement in global config.
    >
    > Toby
    >
    >
    Taff, Dec 5, 2004
    #4
  5. Taff

    Toby Guest

    "Taff" <> wrote in message
    news:FPLsd.13794$...
    > How does this apply to the following:
    >
    > Company X needs to talk to a server on Company Y lan. Company X has a
    > frame
    > connection to Company Y using 192.168.10.0 addressing.
    > Company Y has another subnet on their Lan the same as Company X -
    > 192.168.1.0
    >
    > How do I change the source address of Company X Lan client addresses so
    > the
    > server at Company Y can reply to the different subnet. I cannot make any
    > changes on the Company X router so all changes need to be done from the
    > Company Y router.
    >
    > Company X Lan address - 192.168.1.0
    > Company X frame router address - 192.168.10.1
    >
    > Company Y Lan address - 192.168.100.0
    > Company Y frame address - 192.168.10.2
    > Server - 192.168.100.100
    >
    > Company X router:
    >
    > Int faste0/0
    > ip address 192.168.1.1/24
    >
    > int serial0
    > ip address 192.168.10.1/24
    >
    > Ip route 0.0.0.0 .0.0.0.0 192.168.10.2
    >
    >
    >
    >
    > Company Y router: (also has dialer interface and natting for internet)
    >
    > Int faste 0/0
    > ip address 192.168.100.1/24
    > ip nat inside
    >
    > Int serial 0
    > ip address 192.168.10.2/24
    > ip nat ?
    >
    > Int dialer0
    > ip nat outside
    >
    > Any help with this config would be much appreciated.
    >



    Sorry but I cant see your problem. All that needs to be done is Y needs a
    route back to the X LAN 192.168.1.0/24 over the serial interface.As you feel
    a NAT solution is necessary then I can only conclude the problem has not yet
    been illustrated here. As it stands just add a route from the Y Router back
    to X for the LAN network of 192.168.1.0/24

    Toby
    Toby, Dec 5, 2004
    #5
  6. Taff

    Taff Guest

    Maybe I should explain further :)

    Company Y has another subnet that overlaps with Company X ie 192.168.1.0.

    The default route for the Company Y server connects to a layer 3 switch with
    2 subnets. One 192.168.100.0 and the other 192.168.1.0 with a default route
    to Company Y router. So I need to disguise the source address of the Company
    X traffic so that the server (Comp Y) can route the traffic back to Company
    X instead of the overlapped address on the layer 3 switch.

    Hope that makes more sense!

    I'm not sure how to setup the nat statements as theres already nat
    statements on the Company Y router for their internet traffic.




    "Toby" <> wrote in message
    news:zyMsd.1985$...
    >
    > "Taff" <> wrote in message
    > news:FPLsd.13794$...
    > > How does this apply to the following:
    > >
    > > Company X needs to talk to a server on Company Y lan. Company X has a
    > > frame
    > > connection to Company Y using 192.168.10.0 addressing.
    > > Company Y has another subnet on their Lan the same as Company X -
    > > 192.168.1.0
    > >
    > > How do I change the source address of Company X Lan client addresses so
    > > the
    > > server at Company Y can reply to the different subnet. I cannot make any
    > > changes on the Company X router so all changes need to be done from the
    > > Company Y router.
    > >
    > > Company X Lan address - 192.168.1.0
    > > Company X frame router address - 192.168.10.1
    > >
    > > Company Y Lan address - 192.168.100.0
    > > Company Y frame address - 192.168.10.2
    > > Server - 192.168.100.100
    > >
    > > Company X router:
    > >
    > > Int faste0/0
    > > ip address 192.168.1.1/24
    > >
    > > int serial0
    > > ip address 192.168.10.1/24
    > >
    > > Ip route 0.0.0.0 .0.0.0.0 192.168.10.2
    > >
    > >
    > >
    > >
    > > Company Y router: (also has dialer interface and natting for internet)
    > >
    > > Int faste 0/0
    > > ip address 192.168.100.1/24
    > > ip nat inside
    > >
    > > Int serial 0
    > > ip address 192.168.10.2/24
    > > ip nat ?
    > >
    > > Int dialer0
    > > ip nat outside
    > >
    > > Any help with this config would be much appreciated.
    > >

    >
    >
    > Sorry but I cant see your problem. All that needs to be done is Y needs a
    > route back to the X LAN 192.168.1.0/24 over the serial interface.As you

    feel
    > a NAT solution is necessary then I can only conclude the problem has not

    yet
    > been illustrated here. As it stands just add a route from the Y Router

    back
    > to X for the LAN network of 192.168.1.0/24
    >
    > Toby
    >
    >
    Taff, Dec 5, 2004
    #6
  7. Taff

    Toby Guest

    "Taff" <> wrote in message
    news:5EMsd.13805$...
    > Maybe I should explain further :)
    >
    > Company Y has another subnet that overlaps with Company X ie 192.168.1.0.
    >
    > The default route for the Company Y server connects to a layer 3 switch
    > with
    > 2 subnets. One 192.168.100.0 and the other 192.168.1.0 with a default
    > route
    > to Company Y router. So I need to disguise the source address of the
    > Company
    > X traffic so that the server (Comp Y) can route the traffic back to
    > Company
    > X instead of the overlapped address on the layer 3 switch.
    >
    > Hope that makes more sense!
    >
    > I'm not sure how to setup the nat statements as theres already nat
    > statements on the Company Y router for their internet traffic.
    >
    >
    >
    >
    > "Toby" <> wrote in message
    > news:zyMsd.1985$...
    >>
    >> "Taff" <> wrote in message
    >> news:FPLsd.13794$...
    >> > How does this apply to the following:
    >> >
    >> > Company X needs to talk to a server on Company Y lan. Company X has a
    >> > frame
    >> > connection to Company Y using 192.168.10.0 addressing.
    >> > Company Y has another subnet on their Lan the same as Company X -
    >> > 192.168.1.0
    >> >
    >> > How do I change the source address of Company X Lan client addresses so
    >> > the
    >> > server at Company Y can reply to the different subnet. I cannot make
    >> > any
    >> > changes on the Company X router so all changes need to be done from the
    >> > Company Y router.
    >> >
    >> > Company X Lan address - 192.168.1.0
    >> > Company X frame router address - 192.168.10.1
    >> >
    >> > Company Y Lan address - 192.168.100.0
    >> > Company Y frame address - 192.168.10.2
    >> > Server - 192.168.100.100
    >> >
    >> > Company X router:
    >> >
    >> > Int faste0/0
    >> > ip address 192.168.1.1/24
    >> >
    >> > int serial0
    >> > ip address 192.168.10.1/24
    >> >
    >> > Ip route 0.0.0.0 .0.0.0.0 192.168.10.2
    >> >
    >> >
    >> >
    >> >
    >> > Company Y router: (also has dialer interface and natting for internet)
    >> >
    >> > Int faste 0/0
    >> > ip address 192.168.100.1/24
    >> > ip nat inside
    >> >
    >> > Int serial 0
    >> > ip address 192.168.10.2/24
    >> > ip nat ?
    >> >
    >> > Int dialer0
    >> > ip nat outside
    >> >
    >> > Any help with this config would be much appreciated.
    >> >

    >>
    >>
    >> Sorry but I cant see your problem. All that needs to be done is Y needs a
    >> route back to the X LAN 192.168.1.0/24 over the serial interface.As you

    > feel
    >> a NAT solution is necessary then I can only conclude the problem has not

    > yet
    >> been illustrated here. As it stands just add a route from the Y Router

    > back
    >> to X for the LAN network of 192.168.1.0/24
    >>
    >> Toby
    >>


    It seens to me that the best place to do what you want is on router X which
    you have no control over using NAT to change the source address to the
    interface of router x as the outside local address. I am not an expert in
    NAT so dont know if you can achieve this or not from Router Y.

    Hopefully now you have explained what you want someone else can help

    Toby
    Toby, Dec 5, 2004
    #7
  8. Taff

    Taff Guest

    Yep thats issue i'm up against at the moment. Thanks anyway!

    "Toby" <> wrote in message
    news:CNMsd.1286$...
    >
    > "Taff" <> wrote in message
    > news:5EMsd.13805$...
    > > Maybe I should explain further :)
    > >
    > > Company Y has another subnet that overlaps with Company X ie

    192.168.1.0.
    > >
    > > The default route for the Company Y server connects to a layer 3 switch
    > > with
    > > 2 subnets. One 192.168.100.0 and the other 192.168.1.0 with a default
    > > route
    > > to Company Y router. So I need to disguise the source address of the
    > > Company
    > > X traffic so that the server (Comp Y) can route the traffic back to
    > > Company
    > > X instead of the overlapped address on the layer 3 switch.
    > >
    > > Hope that makes more sense!
    > >
    > > I'm not sure how to setup the nat statements as theres already nat
    > > statements on the Company Y router for their internet traffic.
    > >
    > >
    > >
    > >
    > > "Toby" <> wrote in message
    > > news:zyMsd.1985$...
    > >>
    > >> "Taff" <> wrote in message
    > >> news:FPLsd.13794$...
    > >> > How does this apply to the following:
    > >> >
    > >> > Company X needs to talk to a server on Company Y lan. Company X has a
    > >> > frame
    > >> > connection to Company Y using 192.168.10.0 addressing.
    > >> > Company Y has another subnet on their Lan the same as Company X -
    > >> > 192.168.1.0
    > >> >
    > >> > How do I change the source address of Company X Lan client addresses

    so
    > >> > the
    > >> > server at Company Y can reply to the different subnet. I cannot make
    > >> > any
    > >> > changes on the Company X router so all changes need to be done from

    the
    > >> > Company Y router.
    > >> >
    > >> > Company X Lan address - 192.168.1.0
    > >> > Company X frame router address - 192.168.10.1
    > >> >
    > >> > Company Y Lan address - 192.168.100.0
    > >> > Company Y frame address - 192.168.10.2
    > >> > Server - 192.168.100.100
    > >> >
    > >> > Company X router:
    > >> >
    > >> > Int faste0/0
    > >> > ip address 192.168.1.1/24
    > >> >
    > >> > int serial0
    > >> > ip address 192.168.10.1/24
    > >> >
    > >> > Ip route 0.0.0.0 .0.0.0.0 192.168.10.2
    > >> >
    > >> >
    > >> >
    > >> >
    > >> > Company Y router: (also has dialer interface and natting for

    internet)
    > >> >
    > >> > Int faste 0/0
    > >> > ip address 192.168.100.1/24
    > >> > ip nat inside
    > >> >
    > >> > Int serial 0
    > >> > ip address 192.168.10.2/24
    > >> > ip nat ?
    > >> >
    > >> > Int dialer0
    > >> > ip nat outside
    > >> >
    > >> > Any help with this config would be much appreciated.
    > >> >
    > >>
    > >>
    > >> Sorry but I cant see your problem. All that needs to be done is Y needs

    a
    > >> route back to the X LAN 192.168.1.0/24 over the serial interface.As you

    > > feel
    > >> a NAT solution is necessary then I can only conclude the problem has

    not
    > > yet
    > >> been illustrated here. As it stands just add a route from the Y Router

    > > back
    > >> to X for the LAN network of 192.168.1.0/24
    > >>
    > >> Toby
    > >>

    >
    > It seens to me that the best place to do what you want is on router X

    which
    > you have no control over using NAT to change the source address to the
    > interface of router x as the outside local address. I am not an expert in
    > NAT so dont know if you can achieve this or not from Router Y.
    >
    > Hopefully now you have explained what you want someone else can help
    >
    > Toby
    >
    >
    Taff, Dec 6, 2004
    #8
  9. Taff

    Taff Guest

    Re: Network nat (need help with this one please)

    Can anyone offer a solution for this ??????????




    "Taff" <> wrote in message
    news:IgOsd.13821$...
    > Yep thats issue i'm up against at the moment. Thanks anyway!
    >
    > "Toby" <> wrote in message
    > news:CNMsd.1286$...
    > >
    > > "Taff" <> wrote in message
    > > news:5EMsd.13805$...
    > > > Maybe I should explain further :)
    > > >
    > > > Company Y has another subnet that overlaps with Company X ie

    > 192.168.1.0.
    > > >
    > > > The default route for the Company Y server connects to a layer 3

    switch
    > > > with
    > > > 2 subnets. One 192.168.100.0 and the other 192.168.1.0 with a default
    > > > route
    > > > to Company Y router. So I need to disguise the source address of the
    > > > Company
    > > > X traffic so that the server (Comp Y) can route the traffic back to
    > > > Company
    > > > X instead of the overlapped address on the layer 3 switch.
    > > >
    > > > Hope that makes more sense!
    > > >
    > > > I'm not sure how to setup the nat statements as theres already nat
    > > > statements on the Company Y router for their internet traffic.
    > > >
    > > >
    > > >
    > > >
    > > > "Toby" <> wrote in message
    > > > news:zyMsd.1985$...
    > > >>
    > > >> "Taff" <> wrote in message
    > > >> news:FPLsd.13794$...
    > > >> > How does this apply to the following:
    > > >> >
    > > >> > Company X needs to talk to a server on Company Y lan. Company X has

    a
    > > >> > frame
    > > >> > connection to Company Y using 192.168.10.0 addressing.
    > > >> > Company Y has another subnet on their Lan the same as Company X -
    > > >> > 192.168.1.0
    > > >> >
    > > >> > How do I change the source address of Company X Lan client

    addresses
    > so
    > > >> > the
    > > >> > server at Company Y can reply to the different subnet. I cannot

    make
    > > >> > any
    > > >> > changes on the Company X router so all changes need to be done from

    > the
    > > >> > Company Y router.
    > > >> >
    > > >> > Company X Lan address - 192.168.1.0
    > > >> > Company X frame router address - 192.168.10.1
    > > >> >
    > > >> > Company Y Lan address - 192.168.100.0
    > > >> > Company Y frame address - 192.168.10.2
    > > >> > Server - 192.168.100.100
    > > >> >
    > > >> > Company X router:
    > > >> >
    > > >> > Int faste0/0
    > > >> > ip address 192.168.1.1/24
    > > >> >
    > > >> > int serial0
    > > >> > ip address 192.168.10.1/24
    > > >> >
    > > >> > Ip route 0.0.0.0 .0.0.0.0 192.168.10.2
    > > >> >
    > > >> >
    > > >> >
    > > >> >
    > > >> > Company Y router: (also has dialer interface and natting for

    > internet)
    > > >> >
    > > >> > Int faste 0/0
    > > >> > ip address 192.168.100.1/24
    > > >> > ip nat inside
    > > >> >
    > > >> > Int serial 0
    > > >> > ip address 192.168.10.2/24
    > > >> > ip nat ?
    > > >> >
    > > >> > Int dialer0
    > > >> > ip nat outside
    > > >> >
    > > >> > Any help with this config would be much appreciated.
    > > >> >
    > > >>
    > > >>
    > > >> Sorry but I cant see your problem. All that needs to be done is Y

    needs
    > a
    > > >> route back to the X LAN 192.168.1.0/24 over the serial interface.As

    you
    > > > feel
    > > >> a NAT solution is necessary then I can only conclude the problem has

    > not
    > > > yet
    > > >> been illustrated here. As it stands just add a route from the Y

    Router
    > > > back
    > > >> to X for the LAN network of 192.168.1.0/24
    > > >>
    > > >> Toby
    > > >>

    > >
    > > It seens to me that the best place to do what you want is on router X

    > which
    > > you have no control over using NAT to change the source address to the
    > > interface of router x as the outside local address. I am not an expert

    in
    > > NAT so dont know if you can achieve this or not from Router Y.
    > >
    > > Hopefully now you have explained what you want someone else can help
    > >
    > > Toby
    > >
    > >

    >
    >
    Taff, Dec 6, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Al Dykes
    Replies:
    8
    Views:
    582
    Walter Roberson
    Oct 29, 2003
  2. JCVD
    Replies:
    1
    Views:
    452
    Martin Gallagher
    Feb 13, 2004
  3. Anonymous Poster
    Replies:
    0
    Views:
    10,593
    Anonymous Poster
    Apr 26, 2004
  4. Kenny D

    Identity Nat v Exemption NAT

    Kenny D, May 8, 2004, in forum: Cisco
    Replies:
    1
    Views:
    3,979
    Walter Roberson
    May 8, 2004
  5. Allan Wilson

    VPN, from nat without VPN to nat with it

    Allan Wilson, Jul 5, 2004, in forum: Cisco
    Replies:
    1
    Views:
    581
    Walter Roberson
    Jul 5, 2004
Loading...

Share This Page