Nat

alliasneoalliasneo Member Posts: 186
in CCNA & CCENT
Hey guys,

working on the topology attached. I have added static NAT mappings to the router and added ip nat inside/outside to the relevant interfaces but if I ping from 172.168.0.1 to 192.168.0.1 the routers aren't using the NAT mappings? Am I missing something here?



ip nat inside source static 172.168.0.1 10.0.0.2
ip nat inside source static 172.168.0.2 10.0.0.2
ip nat inside source static 172.168.0.3 10.0.0.2
· Share on FacebookShare on Twitter

Comments

  • fsanyeefsanyee Member Posts: 171
    I don't think you can map one global address to more than one local address. Use dynamic nat with more global address or nat overload.
    · Share on FacebookShare on Twitter
  • RoguetadhgRoguetadhg Member Posts: 2,489 ■■■■■■■■□□
    Nevermind, I just read the commands you put in. You'd need to give each static mapping an individual ip address.

    ip nat inside source static 172.168.0.1 10.0.0.1
    ip nat inside source static 172.168.0.2 10.0.0.2
    ip nat inside source static 172.168.0.3 10.0.0.3

    although, im making a quick lab to test :)
    R1(config)#ip nat inside source static 172.168.0.1 10.0.0.1
R1(config)#ip nat inside source static 172.168.0.2 10.0.0.1
% similar static entry (172.168.0.1 -> 10.0.0.1) already exists
    There we go. tested within GNS3.

    You'd either need a new inside global address per inside local address. Or run PAT.
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

    · Share on FacebookShare on Twitter
  • fsanyeefsanyee Member Posts: 171
    Roguetadhg wrote: »

    You can use more than 1
    "ip nat inside source static x y" commands

    Really? And how is this work? when I type 10.0.0.2 in my browser from outside, which host will answer?
    · Share on FacebookShare on Twitter
  • RoguetadhgRoguetadhg Member Posts: 2,489 ■■■■■■■■□□
    you can map more than 1 inside global to 1 inside local.

    R1(config)#ip nat inside source static 172.168.0.1 10.0.0.1
    R1(config)#ip nat inside source static 172.168.0.2 10.0.0.1
    % similar static entry (172.168.0.1 -> 10.0.0.1) already exists
    R1(config)#ip nat inside source static 172.168.0.2 10.0.0.2

    I didn't catch that the commands alliaseno was trying to statically map 1 inside global address to 3 inside local addresses.
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

    · Share on FacebookShare on Twitter
  • SteveO86SteveO86 Member Posts: 1,423
    Do you have a routing protocol going between the 2 routers so they are aware of the other network?
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
    · Share on FacebookShare on Twitter
  • alliasneoalliasneo Member Posts: 186
    ahh right ok. I thought u would statically assign multiple private ip addresses to just one public address but I'm thinking of PAT and getting them confused I think? PAT would use one public ip address and multiple private addresses but change the port numbers?

    it's annoying that packet tracer didn't throw up that error message, I will have to try this on my real gear instead.

    How does this work though? in terms of NAT, you would need say a hundred public ip addresses in order to get hundred PC's to communicate out on the net? I thought NAT was supposed to reserve address:

    172.168.0.1 - 10.0.0.1
    172.168.0.2 - 10.0.0.2
    etc
    etc
    172.168.0.100 - 10.0.0.100
    · Share on FacebookShare on Twitter
  • alliasneoalliasneo Member Posts: 186
    SteveO86 wrote: »
    Do you have a routing protocol going between the 2 routers so they are aware of the other network?


    Hi SteveO86, yes I have OSPF configured.

    I just had a huge eureka moment though, I have vlans going on and a sub interface on my router. I added IP nat inside to the physical interface and not the sub interface so now I've done that and made the changes that Roguetadhg and everyone else said about it works:

    R2#sh ip nat stat
    Total translations: 10 (3 static, 7 dynamic, 7 extended)
    Outside Interfaces: Serial2/0
    Inside Interfaces: FastEthernet0/0 , FastEthernet0/0.20
    Hits: 7 Misses: 0
    Expired translations: 0
    Dynamic mappings:
    · Share on FacebookShare on Twitter
  • dustinmurphydustinmurphy Member Posts: 170
    alliasneo wrote: »
    ahh right ok. I thought u would statically assign multiple private ip addresses to just one public address but I'm thinking of PAT and getting them confused I think? PAT would use one public ip address and multiple private addresses but change the port numbers?

    it's annoying that packet tracer didn't throw up that error message, I will have to try this on my real gear instead.

    How does this work though? in terms of NAT, you would need say a hundred public ip addresses in order to get hundred PC's to communicate out on the net? I thought NAT was supposed to reserve address:

    172.168.0.1 - 10.0.0.1
    172.168.0.2 - 10.0.0.2
    etc
    etc
    172.168.0.100 - 10.0.0.100

    That's when you use NAT Overload instead of static NAT. :) It's much easier to configure and administer, anyways... using a single global address as the NAT address for multiple internal hosts.

    I've only used static NAT when I want to allow outside users to access services on an internal host (i.e. web server, ftp server, etc). I've seen a NAT pool used, but I've never used one.
    · Share on FacebookShare on Twitter
  • alliasneoalliasneo Member Posts: 186
    thanks for the clarification
    · Share on FacebookShare on Twitter
Sign In or Register to comment.