Options

forward nat to a layer 3 switch port

cisco_kid2008cisco_kid2008 Member Posts: 14 ■□□□□□□□□□
in CCNP
I have a problem i do not have any ethernet interfaces left on a 3845 router. We have a new router coming in from a vendor that is going to be a ethernet handoff. I am going to create an ip address on a layer 3 switch port that is connected to the 3845. I am going to connect the new 1800 router to that switch port. My problem is i am using router on a stick on the 3845 how do i nat traffic from a certain vlan(inside) to outside being the layer 3 switchport with and ip address. Would it be easier to get a WIC with another ethernet interface.


3845
-
-Trunk intervlan routing
-
3750(routing turned on)
-
-
Interface fa0/48(set ip address on this port) -> cisco 1800(fa0/0)
-
-
cisco 1800(s0/0) out to T1


The only traffic going to the 1800 will be certain public ip address traffic say 65.65.65.65 and that has to be natted with overload.
· Share on FacebookShare on Twitter

Comments

  • Options
    kryollakryolla Member Posts: 785
    Can you do nat on 1800 since one inteface will be public (s0/0) and the other will be private (fa0/0)
    Studying for CCIE and drinking Home Brew
    · Share on FacebookShare on Twitter
  • Options
    cisco_kid2008cisco_kid2008 Member Posts: 14 ■□□□□□□□□□
    The problem is i have to nat before i get to that 1800. That is not our router. I just need to push traffic going to 65.x.x.x to that router so it can get to that companys network.
    · Share on FacebookShare on Twitter
  • Options
    kryollakryolla Member Posts: 785
    I dont think you can NAT on your 3750. I have a 3550 here at home and NAT is not supported. Is there a reason why there is no firewall between the 1800 and 3750, you can put a cheap pix firewall and do NAT if not than the only option is 3845 router.
    Studying for CCIE and drinking Home Brew
    · Share on FacebookShare on Twitter
  • Options
    PlazmaPlazma Member Posts: 503
    Most switches won't do NAT.. ASA's, Routers, and PIX's shouldn't have any problem doing NAT for you.
    CCIE - COMPLETED!
    · Share on FacebookShare on Twitter
  • Options
    cisco_kid2008cisco_kid2008 Member Posts: 14 ■□□□□□□□□□
    Will this work

    do nat inside on the subinterface vlan where the pcs are
    create another subinterface of .65 encapsulate to vlan 65 to the 65.x.x.x network
    hook the 1800 up to a switchport connected to the 3845 router place that port on vlan 65

    create a static route 65.x.x.x 255.255.255.0 ethernet0.65

    My viewpoint is the router packet will come back to router and go out the .65 interface because of the static route. Then broadcast for the 1800 router and go out to the vendors network
    · Share on FacebookShare on Twitter
  • Options
    kryollakryolla Member Posts: 785
    your source ip will not change so more than likely your service provider is blocking private ip ranges i.e if the only traffic going to 1800 router from you should only be 65.x.x.x that is the only traffic he is allowing into his network for security reasons. You will need NAT to translate between you private network and his public network.
    Studying for CCIE and drinking Home Brew
    · Share on FacebookShare on Twitter
  • Options
    cisco_kid2008cisco_kid2008 Member Posts: 14 ■□□□□□□□□□
    thanks for the reply. I just want to make sure that the packets will find the 1800 router from our network. I have no idea what the 1800 config is i just have to get our internal packets to it and then i believe they will be natting again.
    · Share on FacebookShare on Twitter
  • Options
    kryollakryolla Member Posts: 785
    you only need routes if the router needs to send packets off the subnet from its directly connected interfaces
    Studying for CCIE and drinking Home Brew
    · Share on FacebookShare on Twitter
Sign In or Register to comment.