NAT over Frame Relay Point To Point - Router on A Stick & EIGRP

M1S0 Member Posts: 41
Hi, I have configured the following for Frame Relay/NAT/Router on a Stick & EIGRP.
The networks for the Routers are:

Router 1
internal 172.16.0.0/22
external 37.18.216.0/22

Router 2
internal 172.16.4.0/22
external 46.59.108.1/22

Within the two networks I created a router on a stick with a subinterface fa0/0.40 (R1 fa0/0.40 subnet 172.16.2.128/27, R2 fa0/0.40 subnet 172.16.6.128/27), and I am able to ping between the two networks, but I do not get any NAT translations. I posted the routers' info and the output of NAT statistics as well.

//Router 1
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 172.16.2.129 255.255.255.224
ip nat inside
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
ip nat outside
!
interface Serial0/0/0.102 point-to-point
ip address 172.16.3.105 255.255.255.252 (subnet 172.16.3.104/30 from the network 172.16.0.0/22)
frame-relay interface-dlci 102
ip nat outside
!
interface Serial0/1/0
no ip address
shutdown
!
router eigrp 18
network 172.16.0.0
no auto-summary
!
ip nat pool R1 37.18.216.1 37.18.219.254 netmask 255.255.252.0
ip nat inside source list 1 pool R1
ip classless
!
!
access-list 1 permit 172.16.0.0 0.0.21.0
!
sh ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/0/0 , Serial0/0/0.102
Inside Interfaces: FastEthernet0/0 , FastEthernet0/0.40
Hits: 0 Misses: 60
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 1 pool R1 refCount 0
pool R1: netmask 255.255.252.0
start 37.18.216.1 end 37.18.219.254
type generic, total addresses 1022 , allocated 0 (0%), misses 0

//Router 2
interface FastEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 172.16.6.129 255.255.255.224
ip helper-address 172.16.5.130
ip nat inside
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
ip nat outside
!
interface Serial0/0/0.101 point-to-point
ip address 172.16.3.106 255.255.255.252 (subnet 172.16.3.104/30 from the network 172.16.0.0/22)
frame-relay interface-dlci 101
ip nat outside
!
router eigrp 18
network 172.16.0.0
no auto-summary
!
ip nat pool R2 46.59.108.1 46.59.111.254 netmask 255.255.252.0
ip nat inside source list 1 pool R2
ip classless
!
!
access-list 1 permit 172.16.0.0 0.0.21.0
!
sh ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/0/0 , Serial0/0/0.101
Inside Interfaces: FastEthernet0/0 , FastEthernet0/0.40
Hits: 0 Misses: 60
Expired translations: 0
Dynamic mappings:
-- Inside Source
access-list 1 pool R2 refCount 0
pool R2: netmask 255.255.252.0
start 46.59.108.1 end 46.59.111.254
type generic, total addresses 1022 , allocated 0 (0%), misses 0

Any help will be appreciated.
Thanks

Comments

  • networker050184 Mod Posts: 11,962
    How are you pinging? Also look at your access-list. What host will match this?
    An expert is a man who has made all the mistakes which can be made.
  • M1S0 Member Posts: 41
    The one network, which is R1, is configured with DHCP on the router, and it is working and translating, but the network R2 is configured with a DHCP server and ip helper on the router and is not translating.
  • networker050184 Mod Posts: 11,962
    access-list 1 permit 172.16.0.0 0.0.21.0

    Ok, break that down in binary. What will the last octet match on?
  • M1S0 Member Posts: 41
    Sorry, I did not put all the output from the sh run command because there is too much. I have the following lists, which are the subnets:

    access-list 1 permit 172.16.2.128 0.0.0.21
    access-list 1 permit 172.16.6.128 0.0.0.21

    R1 fa0/0.40 subnet 172.16.2.128 /27
    R2 fa0/0.40 subnet 172.16.6.128/27
  • networker050184 Mod Posts: 11,962
    Ok how are you pinging? What is your source address? Is it one that will be translated?

    Also look at that inverse mask again. What is it going to match on?
  • M1S0 Member Posts: 41
    I am pinging from PC 172.16.6.130 to PC 172.16.2.130.
  • networker050184 Mod Posts: 11,962
    So what is 130 in binary? Will it match the last octet with your current inverse mask?

    10000010
    00010101
  • M1S0 Member Posts: 41
    It is better if you see the file, I think, because this does not lead anywhere here.
    There are many things I did not put from the sh run output.

    access-list 1 permit 172.16.2.128 0.0.0.31
    access-list 1 permit 172.16.6.128 0.0.0.31

    Sorry.

    From the access-list 1 permit 172.16.6.128 0.0.0.31 I can ping and I get a response, but when I ping from the

    access-list 1 permit 172.16.2.128 0.0.0.31 I get a request timeout.
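
The inverse-mask question worked through in the replies above, as an added example that is not part of any post in this thread: it checks the three wildcard masks that appear in the thread against the two PC addresses being pinged. The function names are hypothetical; the ACL entries and host addresses are copied from the posts.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(base, wildcard, host):
    """Cisco wildcard logic: a 0 bit must match the base, a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(host) & care) == (to_int(base) & care)

def wildcard_for_prefix(prefix_len):
    """Wildcard (inverse) mask that covers every host of a /prefix_len subnet."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").hostmask)

def matched_last_octets(base, wildcard):
    """Last-octet values an entry accepts, keeping the base's first three octets."""
    prefix = base.rsplit(".", 1)[0]
    return [o for o in range(256) if acl_matches(base, wildcard, f"{prefix}.{o}")]

# ACL entries and ping endpoints as posted in the thread.
ENTRIES = [
    ("172.16.0.0", "0.0.21.0"),
    ("172.16.2.128", "0.0.0.21"),
    ("172.16.6.128", "0.0.0.21"),
    ("172.16.2.128", "0.0.0.31"),
    ("172.16.6.128", "0.0.0.31"),
]
HOSTS = ["172.16.2.130", "172.16.6.130"]

def report():
    """Map each (base, wildcard) entry to the posted hosts it would translate."""
    return {e: [h for h in HOSTS if acl_matches(e[0], e[1], h)] for e in ENTRIES}

if __name__ == "__main__":
    for (base, wc), hits in report().items():
        print(f"permit {base} {wc}: matches {hits or 'none of the PCs'}")
    print("wildcard for a /27:", wildcard_for_prefix(27))
    print("0.0.0.21 on .128 accepts last octets:",
          matched_last_octets("172.16.6.128", "0.0.0.21"))
```

With 0.0.0.21 the second-lowest bit of the last octet must still match the base, so .130 (10000010) never hits the entry and `sh ip nat statistics` only counts misses.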
  • networker050184 Mod Posts: 11,962
    You need to show the configuration you are using. Can't help you if you are showing one config and trying to use another.
  • networker050184 Mod Posts: 11,962
    How are you expecting the routers to know how to get to each other's NAT range?
  • M1S0 Member Posts: 41
    What do I have to do, add the network under the routing? This is the place I need help, please.
  • networker050184 Mod Posts: 11,962
    You have several ways to get a route in the table. Easiest would be a default route. You could use static routes, redistribute into an IGP, etc.
  • M1S0 Member Posts: 41
    In my case, can I use EIGRP?
    At the moment, why am I getting NAT translation when I ping to a device under R1 from a device under R2,
    but when I ping from a device under R1 to a device under R2 I get request timeout until I add the access-list under R2

    access-list 1 permit 172.16.6.128 0.0.0.31

    and do not get anything?
  • networker050184 Mod Posts: 11,962
    I don't understand your question.
  • M1S0 Member Posts: 41
    When I remove the access-list 1 permit 172.16.6.128 0.0.0.31 from R2,
    I can ping a device which is under R1.
  • networker050184 Mod Posts: 11,962
    I assume it's because it's no longer translated so there is a return path for the destination address. Not knowing which device and its address doesn't help though.
  • M1S0 Member Posts: 41
    Ohh OK, I played around by removing and adding the access lists; I got it now.

    How should I do the default route, like that?

    ip route 37.18.216.0 255.255.252.0 172.16.3.105

    ip route 46.59.108.0 255.255.252.0 172.16.3.106

    I guess no.
  • networker050184 Mod Posts: 11,962
    A default route would be ip route 0.0.0.0 0.0.0.0 <next-hop>. You could also do specific routes like you stated. You could get even more creative and do null routes and redistribute into EIGRP. Many ways to make it happen.
  • M1S0 Member Posts: 41
    The way I stated did not work. Would it be possible to guide me on how to do null routes and redistribute into EIGRP, please?
  • networker050184 Mod Posts: 11,962
    It should work. Make sure you have your networks and next hops set correctly.

    Redistributing Routing Protocols - Cisco
  • networker050184 Mod Posts: 11,962
    It's confusing since you aren't giving the output from the router. Are you adding the route to the opposite router of where the subnet is being used?
  • networker050184 Mod Posts: 11,962
    Ok, I think you are missing some of the fundamentals here. Look at it this way: in the real world you won't have a way to route to the privately addressed LANs over the internet. That is the whole point of NAT. You can't ping from a host on the LAN directly to a host on the other LAN since there is no routing. You have short-circuited this by running EIGRP and sharing those LAN segments. Another thing you can't do over the internet without some workaround beyond the scope here.

    So, when a ping goes out it is translated. Once the reply comes back it is also translated. You do not have translations built for that incoming traffic.
  • M1S0 Member Posts: 41
    So I have to configure a translation for the incoming traffic and an access list for the incoming traffic as well, correct?
  • networker050184 Mod Posts: 11,962
    Depends. What exactly is the goal of this? Are you trying to simulate NAT over the internet? Some back to back NAT or something else?
  • M1S0 Member Posts: 41
    I am trying to get the network under R1 to communicate with the network under R2 by using NAT at the moment, and later on I may add redistribution as you told me, sir.
    Thanks for all your help, I really appreciate it.
  • networker050184 Mod Posts: 11,962
    I'd suggest you do a little more reading on NAT, how translations are made and tracked. Incoming vs outgoing translations. Then I think you will understand what is going on with your setup.
  • M1S0 Member Posts: 41
    OK, sir, do you suggest any good books about NAT?
  • networker050184 Mod Posts: 11,962
    Any books or just google some information.

    The point of NAT is that you can't route natively to the other side. You are mixing NAT and native reachability together by running the routing protocol between the routers with their LAN networks shared. You could do some destination NAT along with a static incoming translation. You are making it much more complicated than it needs to be though. What you are trying to do would be much better off accomplished with an IPSEC tunnel.
  • M1S0 Member Posts: 41
    Sorry, sir.
    So is it better to just create IPsec or GRE tunnels between R1 and R2, keep the EIGRP configuration, and remove NAT?