Announcement

Collapse
No announcement yet.

Configure NAT router in large network

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configure NAT router in large network

    I have an issue in a large network, devided over different countries. I attached a picture of the network.

    People in the subnet 10.9.2.0 on the bottom left need to access a CMS in the 10.11.253.0 subnet on the top right. There are static routes from the source to the destination, but not the other way around. The Stuttgart router does not know how to route traffic back to the 10.9.2.0 network. The reason for that, is that Stuttgart allready has a 10.9.2.0 subnet.

    I also don't have access to the Amsterdam and Tele2 router. What I can do is place a router with NAT in between these two routers. Traffic from 10.9.2.0 needs to be forwarded using NAT. It has to get another source address, so that the Stuttgart router knows the way back.

    Is this possible? Wich type of NAT should I use?
    Attached Files

  • #2
    Re: Configure NAT router in large network

    you're band-aiding a problem...

    renumber one of your networks, so you aren't using the same subnet in different places..
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Configure NAT router in large network

      Renumbering will not solve my issue. I can NOT create a route on the Stuttgart router. If I could, then there was no problem.

      Comment


      • #4
        Re: Configure NAT router in large network

        Renumbering will not solve my issue. I can NOT create a route on the Stuttgart router. If I could, then there was no problem.
        Why cant you add a route? Like techcamel said, using nat is a temporary solution not a permanent solution. Not sure what the Stuttgart device is, Cisco? Static nat or static policy nat depending on how granular you want to get.
        Last edited by auglan; 14th May 2012, 14:39.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        Comment


        • #5
          Re: Configure NAT router in large network

          I don't have access to the stuttgart router. I also don't have access to the Amsterdam and Tele2 routers. They belong to German Company Easynet and Dutch company Tele2.

          Stuttgart router only routes 10.11.10.0 subnet back. This subnet was once there, and now it's not used anymore. The static routes are still there, so i can use that subnet to pull some kind of trick using NAT.
          What I want is implement a new router and configure NAT on that. I can place the new NAT router somewhere between Tele2 router and Amsterdam router.

          Traffic from 10.9.2.0 has to be natted to stuttgart router, so that it gets source address 10.11.10.x. The Stuttgart router knows a way back to that subnet. So on the way back it has to be natted from 10.11.10.x to 10.9.2.0 again.

          I understand the story seems a little bit weird, but that is how the situation is, and i've got to find a solution.

          All devices are Cisco devices!

          Last edited by Sven_Ilionx; 14th May 2012, 14:48.

          Comment


          • #6
            Re: Configure NAT router in large network

            Where is the 10.11.10.x subnet in this diagram?
            Last edited by auglan; 14th May 2012, 15:24.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)

            Comment


            • #7
              Re: Configure NAT router in large network

              I will create that subnet between Amsterdam and Tele2 by placing a router in between...

              Comment


              • #8
                Re: Configure NAT router in large network

                Okay so create your access-list to identify the traffic to be natted:



                access-list 100 permit ip 10.9.2.0 0.0.0.255 host 10.11.253.?


                route-map STATIC_NAT permit 10
                match ip address 100


                ip nat inside source route-map STATIC_NAT int ?? overload


                Define your inside/outside nat interfaces
                CCNA, CCNA-Security, CCNP
                CCIE Security (In Progress)

                Comment


                • #9
                  Re: Configure NAT router in large network

                  Ok I played with the NAT rules a little bit, and this seem to work. That means, I can ping the destination after this....

                  access-list 101 permit ip 10.9.2.0 0.0.1.255 10.11.253.102 0.0.0.255
                  ip nat inside source list 101 interface Serial 1/0
                  interface s0/1 = ip nat outside
                  interface s1/1 = ip nat inside

                  When do I need to use overload?

                  Comment


                  • #10
                    Re: Configure NAT router in large network

                    <overload> Tells NAT to overload a single IP address so it can support numerous translations.
                    CCNA, CCNA-Security, CCNP
                    CCIE Security (In Progress)

                    Comment

                    Working...
                    X