NAT Puzzler - help please

Please reference the ASCII drawing below. Hopefully it will come through OK. If not, a font change to Courier should work. I have been asked to connect 2 networks (one DEV, one QA) to a common server. The server has 2 NICs. The challenge is that both networks use the exact same subnet configurations. I figure some kind of NAT should do this trick but can't seem to wrap my head around it. What stumps me is how the server will distinguish between the 2 networks. I have a 2600 series router with 2 Fast Ethernet IFs to work with. Is this possible? Any help appreciated. Thanks -Rob-

x= multiple subnets which exist identically on both networks

 ______ 192.168.2.0/24 _____ 192.168.1.0/24 _____ 192.168.x.0/24
|      |______________/ NAT \______________/     \_____
| Srvr |.100      .254| RTR |.100      .254| RTR |.254
|______|              \_____/              \_____/
    |.100
    |
    | 192.168.1.0/24
   _|_.254
  /   \
 | RTR |
  \___/
    |.254
    | 192.168.x.0/24
ve7eje

The server CAN'T distinguish between both networks, so before you work out how the network can do this, the server guys need to figure out how the server can do this.

Every device on a network is a "router" in that it must determine which interface to use to send a packet. On a device with only a single NIC, it's pretty simple, but remember that it still needs a default route to use the interface. On a server with multiple NICs it will use a routing table as well. If the server has two default routes, the server will load-balance packets and it won't communicate with anything because it will be talking to two different networks (the Dev and the QA). The simplest solution is that the server has two network connections (one on the QA and another on DEV) and the server guys connect it to one OR the other depending on if they are doing development or QA. The server CAN'T do both at the same time. The server application can't tell if it's supposed to talk to the QA network or the Dev network, so once the packet is on the network, how are the routers supposed to know? The only other solution is that you renumber one of the two networks so that address space does not overlap.

Thrill5

Let me try -

The server cannot distinguish between the two 192.168.x.0 networks without NATting one of them to another range. If this is a requirement of your design then it cannot be accomplished.

What you can do is to create a new 'virtual' subnet that does not really exist and the server can refer to the NATted subnet using the new address.

For example, you could create the new *dummy* network 10.1.x.0 255.255.255.0 and use NAT in your NAT router to convert all 192.168.x.0 addresses to 10.1.x.0 addresses.

If this is heading in the right direction then you could use the "Match Host" NAT as described in the linked document.

Hosts on the 192.168.x.0 subnet would attempt to connect to the server using 192.168.2.100 and the source addresses of the packets would be altered from say 192.168.x.3 to 10.1.x.3.

Note that if you are using DNS within your network then you may have problems with that too. The Cisco NATter does have a NAT Application Layer Gateway which is supposed to fix up DNS payloads, however I have never seen it work as I expected.

Assume that x = 7. I have also changed one of your 192.168.1.0 networks to 192.168.88.0.

192.168.2.254   ip nat outside
192.168.88.100  ip nat inside

I think that this is what you might need but I have not tested it.

ip nat inside source static network 192.168.7.0 10.1.7.0 255.255.255.0

!
bod43
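The static network NAT that bod43 sketches, worked through as an added Python model (not code from the thread or from Cisco IOS): it keeps the host part of each address and rewrites only the network part, and it goes a step beyond the thread by giving QA its own assumed dummy range (10.2.7.0/24) next to DEV's 10.1.7.0/24, so the server sees two distinct address spaces and a reply can be routed back to the right inside interface. The interface labels "dev" and "qa" are assumptions.

```python
# Added example, not from the thread: a model of static network NAT with
# "match host" semantics (host bits kept, network bits rewritten).
# The 'dev'/'qa' interface labels and the 10.2.7.0/24 range are assumptions.
from ipaddress import IPv4Address, IPv4Network


class StaticNetworkNat:
    """Static network translations, keyed by the inside interface."""

    def __init__(self):
        self.rules = []  # (inside_if, local_net, global_net)

    def add_rule(self, inside_if, local_net, global_net):
        local, glob = IPv4Network(local_net), IPv4Network(global_net)
        if local.prefixlen != glob.prefixlen:
            raise ValueError("local and global networks need the same mask")
        self.rules.append((inside_if, local, glob))

    @staticmethod
    def _rewrite(addr, src_net, dst_net):
        # keep the host bits of addr, take the network bits from dst_net
        host_bits = int(addr) & ~int(src_net.netmask)
        return IPv4Address(int(dst_net.network_address) | host_bits)

    def inside_to_outside(self, inside_if, src):
        """Packet entering on inside_if from src: address the server sees."""
        src = IPv4Address(src)
        for iface, local, glob in self.rules:
            if iface == inside_if and src in local:
                return self._rewrite(src, local, glob)
        return src  # no matching rule: passes untranslated

    def outside_to_inside(self, dst):
        """Reply from the server to dst: (inside_if, original address)."""
        dst = IPv4Address(dst)
        for iface, local, glob in self.rules:
            if dst in glob:
                return iface, self._rewrite(dst, glob, local)
        return None, dst  # not a translated address


def build_example_nat():
    # x = 7 as in bod43's example; DEV gets 10.1.7.0/24 as suggested,
    # QA gets the assumed second dummy range 10.2.7.0/24
    nat = StaticNetworkNat()
    nat.add_rule("dev", "192.168.7.0/24", "10.1.7.0/24")
    nat.add_rule("qa", "192.168.7.0/24", "10.2.7.0/24")
    return nat
```

Without the second rule, 192.168.7.3 on DEV and 192.168.7.3 on QA would both reach the server as the same address, which is the ambiguity the earlier replies describe.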
