Question on NAT

Just a quick question on NAT.
Here is a shot of my network

I never specified any NAT pools or anything in any of the routers. Yet NAT is occuring between the 192.168.1.40 and 192.168.2.1 router isnt it? It is automatically happening ? Like I said, I never configured NAT, but all my hosts can communicate.

question:

If NAT is indeed ocurring, why must we specify NAT with NAT commands sometimes? Like when we connect a cisco router to our cable connection?
Thanks

Find more posts tagged with

Comments

forbesl

dissolved wrote:

I never specified any NAT pools or anything in any of the routers. Yet NAT is occuring between the 192.168.1.40 and 192.168.2.1 router isnt it? It is automatically happening ? Like I said, I never configured NAT, but all my hosts can communicate.

question:

If NAT is indeed ocurring, why must we specify NAT with NAT commands sometimes? Like when we connect a cisco router to our cable connection?
Thanks

If you haven't got NAT configured, it's not working. It doesn't configure itself. Your cable router is PATing (NAT overload) all hosts within your internal network on its outside interface.

Check out this link at Cisco:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

knownasthatguy

First, a diagram of your network will not help with the problem. Paste your configs then I can help with the problem a little better.

Second, do a SH IP NAT TRANS at the IOS prompt for your routers. That alone will tell you if there is a translation taking place.

Third, thats correct NAT is not started up automatically.

If you dont want to compromise your network security by showing your IPs, substitute them with an equivalent IP scheme. Good luck.

Webmaster

Yet NAT is occuring between the 192.168.1.40 and 192.168.2.1 router isnt it?

That's called routing

If your hosts on the 192.168.2x and 192.168.0.x can communicate with the internet (as in the other side of your cable router) than there must be a route (gateway of last resort/default route) on the Cisco routers. Did you configure RIP? Is RIP enabled by default on the cable router? Or did you configure a default route on the Cisco routers manually?

knownasthatguy

Ok, that is correct, you have routing between your ciscos and the cable router; but, you are also correct, there is a NAT in your network but its between your CM and ISP. If you are looking from the Internet to your routers, yes you will see the translation but it is on the "edge", meaning at your CM. Consider in what direction you are looking from. Also do a ping test. If your CISCO has NAT enabled, which I highly doubt it is, you can always issue a ping from a pc on outside interface and you will get a response from a NAT IP instead of your inside IP. This will also indicate you have a NAT. If your network is setup like I think it is, you have a CM with a series of 10/100 ports on it. Your cisco is conned to one of the ports with your CMs internal IP range as its address. Then, within your cisco networks, you have an entirely different IP range (Keep in mind, your IP subnets dont have to be the same for every Ethernet IFC, just the Serials, its called subnet domains or broadcast domains. This could be whats confusing you). From one of you CM ports, you will be able to hook a pc to it and ping your internal cisco IPs. Your ICMP echo will be the "outside pool" address.

dissolved

thanks a lot guys
I see where I'm confused

NAT only occurs when translating public to private IP right...vice versa? (well, besides Cisco's static NAT, which can map private to private)

If I have a dual-homed box in my LAN, and one NIC is 192.168.3.1 and the other NIC is 192.168.2.1, then that isnt necessarily NAT happening. It's basically just a router? (I should of known this

)

My ciscos dont have NAT enabled in them. I think using a cable router as my gateway is screwing me up (logic wise). Maybe I should grab a 2514.

Heres another question. If you have:

T1
|
|
2500 router
|
|
pix
|
|
Clients

The router usually isnt doing NAT. It's just the connection to the CSU/DSU/ The pix is the one usually doing the NAT (and inspecting the packets at the same time). Is that correct? I heard the less NAT you do the better. And you REALLY only need to do it when going private to public /public to private.

I'll read that NAT link.
Thanks guys