NAT translate past 2 hops?

Discussion in 'Cisco' started by Joseph Finley, Jan 15, 2004.

  1. Can I source a NAT'd IP address 2 hops away even thought it's not on the
    same subnet as the NAT'ing router?? I have many customers that are using
    routable Ip's and I need to slowly move them off without taking them all
    down at once...


    Interface FastEthernet 0/0
    ip address 192.168.22.1 255.255.255.0
    ip address 222.222.222.1 255.255.255.0 secondary
    !
    ip nat pool temp 222.222.222.10 222.222.222.30 netmask 255.255.255.0
    extendable
    ip nat inside source list 1 pool temp
    ip nat inside source static 192.168.24.56 222.222.222.83 extendable
    ip nat inside source static 192.168.24.21 222.222.222.14 extendable
    !

    The 192.168.24.0 subnet is on the other end of the T1.

    222.222.x.x (3 customers)
    \ | /
    \ | /
    192.168.22.1
    222.222.222.1 (2ndary IP)
    |
    |
    | Serial T1 connection
    |
    |
    192.168.24.1
    / | \
    Servers
     
    Joseph Finley, Jan 15, 2004
    #1
    1. Advertisements


  2. Yes. You can translate on behalf of a device many hops away. However,
    since you are doing "nat on a stick" (NAT in and out the same interface) you
    will need to use the voodoo that makes that work. Search for "NAT on a
    stick" on google.
     
    Phillip Remaker, Jan 15, 2004
    #2
    1. Advertisements

  3. Sure,
    You shouldn't have a problem. All you need to do is specify the subnet
    you want to translate and make sure the traffic actually hits the
    natting router at some point. For example on your setup you will need:

    ip nat inside source list 1 pool temp
    access-list 1 permit 192.168.24.0 0.0.0.255

    Simon
     
    Simon Tibbitts, Jan 15, 2004
    #3
  4. Thank you both. Got what I need!

    Joe
     
    Joseph Finley, Jan 15, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.