NAT across multiple routers
2lazybutsmart
Member Posts: 1,119
in CCNA & CCENT
Hello Folks,
It's been a while since I've posted and I'm not sure if this is the right thread for this question, but here we go:
I have a little NAT issue at work and was hoping someone can help out. Basically there are 2 routers on the hop (Router A and Router
to the device (Device A) that we want to translate it's private IP to a public IP. Here's how the network looks (I've changed the actual IPs for obvious reasons):
DeviceA (10.1.1.2) <-> (f0/1: 10.1.1.1) RouterA (f0/0: 10.2.1.2) <-> (f0/1: 10.2.1.1) RouterB (f0/0: 82.1.1.2 & 82.1.1.3 as secondary IP) <-> (f0/1: 82.1.1.1) RouterC <-> Internet < -> Device B
Here are some facts:
- We want to initiate connetions to Device A from Device B through the internet by mapping the private IP of Device A 10.1.1.1 to the public IP 82.1.1.3.
- From Router B, Device A's private IP can be pinged sucessfully.
- We defined a NAT config on Router B that maps 10.1.1.2 on the inside interface to 82.1.1.3, and maps 82.1.1.3 on the outside interface to 10.1.1.2
- From Router C, 82.1.1.3 can be pinged and Router B successfully translates 82.1.1.3 to 10.1.1.2 and then back from 10.1.1.2 to 82.1.1.3.
- From Device B, however, pinging 82.1.1.3 fails. If you look at the NAT debug on Router B, you can see 82.1.1.3 being translated to 10.1.1.2, but you don't see 10.1.1.2 being translated back to 82.1.1.3.
Any ideas?
Thanks for the help.
It's been a while since I've posted and I'm not sure if this is the right thread for this question, but here we go:
I have a little NAT issue at work and was hoping someone can help out. Basically there are 2 routers on the hop (Router A and Router
to the device (Device A) that we want to translate it's private IP to a public IP. Here's how the network looks (I've changed the actual IPs for obvious reasons):DeviceA (10.1.1.2) <-> (f0/1: 10.1.1.1) RouterA (f0/0: 10.2.1.2) <-> (f0/1: 10.2.1.1) RouterB (f0/0: 82.1.1.2 & 82.1.1.3 as secondary IP) <-> (f0/1: 82.1.1.1) RouterC <-> Internet < -> Device B
Here are some facts:
- We want to initiate connetions to Device A from Device B through the internet by mapping the private IP of Device A 10.1.1.1 to the public IP 82.1.1.3.
- From Router B, Device A's private IP can be pinged sucessfully.
- We defined a NAT config on Router B that maps 10.1.1.2 on the inside interface to 82.1.1.3, and maps 82.1.1.3 on the outside interface to 10.1.1.2
- From Router C, 82.1.1.3 can be pinged and Router B successfully translates 82.1.1.3 to 10.1.1.2 and then back from 10.1.1.2 to 82.1.1.3.
- From Device B, however, pinging 82.1.1.3 fails. If you look at the NAT debug on Router B, you can see 82.1.1.3 being translated to 10.1.1.2, but you don't see 10.1.1.2 being translated back to 82.1.1.3.
Any ideas?
Thanks for the help.
Exquisite as a lily, illustrious as a full moon,
Magnanimous as the ocean, persistent as time.
Magnanimous as the ocean, persistent as time.
Comments
-
pham0329
Member Posts: 556
2lazybutsmart wrote: »
- We defined a NAT config on Router B that maps 10.1.1.2 on the inside interface to 82.1.1.3, and maps 82.1.1.3 on the outside interface to 10.1.1.2
Shouldn't you just have a (one) static mapping from 10.1.1.2 to 82.1.1.3? A NAT mapping maps 2 way so you wouldn't need to one for 10.1.1.2 to 82.1.1.3 and another for 82.1.1.3 to 10.1.1.2 -
r_durant
Member Posts: 486 ■■■□□□□□□□
2lazybutsmart wrote: »- From Router C, 82.1.1.3 can be pinged and Router B successfully translates 82.1.1.3 to 10.1.1.2 and then back from 10.1.1.2 to 82.1.1.3.
- From Device B, however, pinging 82.1.1.3 fails. If you look at the NAT debug on Router B, you can see 82.1.1.3 being translated to 10.1.1.2, but you don't see 10.1.1.2 being translated back to 82.1.1.3.
Check your routing, maybe a downstream router does not know how to get back to Device B. I suspect this could be 'any' IP, seeing that it is out on the Internet.
Do a traceroute and see where it dies...
Try pinging using the interface facing Device BCCNA (Expired...), MCSE, CWNA, BSc Computer Science
Working on renewing CCNA!