1. Home
  2. Cisco Systems
  3. NAT: which interfaces to use on 870 series routers ?

NAT: which interfaces to use on 870 series routers ?

A while back, I posted about a problem of 2 wi-fi devices unable to talk to each other and wi-fi unable to reach a particular host on the wired lan, and that those were sporadic problems.

I *think* am an narrowing down the problem to NAT. I put a NAT timeout of 1 hour instead of the default 24 hours. I suspect that Bittorrent usage tended to load the NAT tables quite a bit. This seems to have alleviated the problem, but not fixed it.

So now, i am looking at a sanity check for my setup which works, but which may not be "right".

In the NAT section:

ip nat translation timeout 3600 ip nat pool natpool1 10.0.0.0 10.0.255.255 netmask 255.255.0.0 ip nat inside source list 23 interface Dialer1 overload ip nat inside source static tcp 10.0.0.20 23 interface Dialer1 23 ip nat inside source static tcp 10.0.0.21 25 interface Dialer1 25 ip nat inside source static tcp 10.0.0.22 80 interface Dialer1 80 etc

QESTION: Since there is only one external IP address that gets directed to a couple of hosts on the LAN depending on port, do I need the ip nat pool statement ?

I originally put it in there because various examples on the net had such a statement there. From what I read, the "overload" is what really specifies I want PAT.

------------------------------------

interface Dialer1 description PPPoE to Modem ip address negotiated ip access-group ACLinbound in ip access-group ACLoutbound out ip mtu 1492 ip nat outside etc

interface BVI10 ip address 10.0.0.1 255.255.0.0 ip nat inside ip virtual-reassembly

QUESTION: Since the BVI10 interface also ties in the wi-fi interface, is this the right interface to which one applies the "ip nat inside" statement ?

When a Wi-Fi device sends packets to a LAN device, it passes through the BVI10 device. Would the IP NAT INSIDE interfere with this bridging function ? Or is the BVI device smart enough to ignore routing functions when the source and destination IPs are in the same subnet ?

is it the ip-nat-inside and ip-nat-outside which create the link between the dialer1 and the BVI10 devices ?

My internal lan is in the 10.0/16 subnet for both the wi-fi and wired LAN. (there are a couple of other subnets but they don't matter in this case)

Reply to
JF Mezei
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.