No NAT between two routers

Hello all,

I own a /24 subnet that I've proceeded to chomp into a /26 subnet. I currently have two routers on the subnet, one for the .0 network and one for the .64 network. Behind each router I have non-routable address spaces, i.e. 192.168.101.0/24 behind the .0 router and 192.168.201.0/24 behind the .64 router. Normally I want the non-routables to be NAT'ed whenever they leave the router, so I have access lists and ip nat rules set up to nat the non-routables to their respective router's external address when they leave the router. However, I would like to be able to set the non-routables to not be NAT'ed when they leave the router if they are headed for a non-routable on the other router. For example, if traffic is leaving from 192.168.101.11 to Google, I want it to be NAT'ed to its router's routable IP address. However, if traffic is leaving from 192.168.101.11 and is going to 192.168.201.58, I don't want it to be NAT'ed.

Any suggestions on how I can do this? Thanks in advance for your help.

Bryan

Reply to
Bryan

You can use an access-list to define what gets NATed and what doesn't

eg.

access-list 120 deny ip 192.168.101.0 0.0.0.255 192.168.201.0 0.0.0.255
access-list 120 permit ip any any

ip nat inside source list 120 pool YOURPOOL overload

So here traffic is only NATed if it matches the permit of the acl. If it matches the first statement (destined for the other private network) then NAT is not applied.

Chris.

Reply to
Chris
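The behaviour Chris describes (first matching ACL entry wins, a deny means "do not translate", a permit means "translate") can be checked offline before touching a router. The following is an added example, not code from the thread or from any Cisco product: a small Python model of IOS-style wildcard-mask matching and the NAT decision `ip nat inside source list` makes. The names `AclEntry`, `evaluate`, `should_nat`, `ACL_120` and `ACL_120_WRONG_ORDER` are my own, and the public address 198.51.100.7 is a constructed stand-in for "Google". The misordered list is included to show why the deny must come before `permit ip any any`.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class AclEntry:
    action: str   # "permit" or "deny"
    src: str      # "address wildcard" in IOS notation, or "any"
    dst: str      # same


def _matches(spec: str, addr: str) -> bool:
    """IOS wildcard match: a 1 bit in the wildcard means 'don't care'.
    Only the bits where the wildcard is 0 are compared."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    base_i = int(ipaddress.IPv4Address(base))
    wc_i = int(ipaddress.IPv4Address(wildcard))
    addr_i = int(ipaddress.IPv4Address(addr))
    care = 0xFFFFFFFF ^ wc_i
    return (base_i & care) == (addr_i & care)


def evaluate(acl: List[AclEntry], src: str, dst: str) -> str:
    """First matching entry wins. An IOS ACL ends with an implicit
    'deny ip any any', so a packet that matches nothing is denied."""
    for entry in acl:
        if _matches(entry.src, src) and _matches(entry.dst, dst):
            return entry.action
    return "deny"


def should_nat(acl: List[AclEntry], src: str, dst: str) -> bool:
    """'ip nat inside source list <acl> ...' translates only on a permit;
    a deny (explicit or implicit) leaves the packet untranslated."""
    return evaluate(acl, src, dst) == "permit"


# Chris's list as posted (with the full 192.168.201.0 destination), for Router #1.
ACL_120 = [
    AclEntry("deny", "192.168.101.0 0.0.0.255", "192.168.201.0 0.0.0.255"),
    AclEntry("permit", "any", "any"),
]

# Same two lines in the wrong order: 'permit any any' shadows the deny,
# so site-to-site traffic is NATed after all. Constructed for contrast.
ACL_120_WRONG_ORDER = [
    AclEntry("permit", "any", "any"),
    AclEntry("deny", "192.168.101.0 0.0.0.255", "192.168.201.0 0.0.0.255"),
]

# Mirror list for Router #2 (source and destination swapped).
ACL_120_ROUTER2 = [
    AclEntry("deny", "192.168.201.0 0.0.0.255", "192.168.101.0 0.0.0.255"),
    AclEntry("permit", "any", "any"),
]


if __name__ == "__main__":
    for dst in ("198.51.100.7", "192.168.201.58"):
        print(f"192.168.101.11 -> {dst}: NAT={should_nat(ACL_120, '192.168.101.11', dst)}")
    print("misordered, to other site:",
          should_nat(ACL_120_WRONG_ORDER, "192.168.101.11", "192.168.201.58"))
```

Run it and the Internet-bound packet comes back as translated, the packet to 192.168.201.58 as untranslated, and the misordered list translates both. The check is worth keeping around: an ACL that is edited later by appending lines keeps the original order, so a new exemption added after `permit ip any any` silently never fires.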

Awesome. Thanks Chris for your suggestion. I'll let you know if and when it works.

Reply to
Bryan

So I did as you said and it's still not working. I turned on 'debug ip nat detailed' and did some pings and such, and it never showed up in the debug stuff so I assume what you told me is doing its job. I guess the next place to look is my ip routes.

Here's the scenario:

Router #1 has an external IP of xxx.yyy.11.62, is connected to xxx.yyy.11.1, and has the following route: ip route 0.0.0.0 0.0.0.0 xxx.yyy.11.1

Router #2 has an external IP of xxx.yyy.11.126, is connected to xxx.yyy.11.65, and has the following route: ip route 0.0.0.0 0.0.0.0 xxx.yyy.11.65

The non-routable network 192.168.101.0/24 sits behind Router #1, and the non-routable network 192.168.201.0/24 sits behind router #2. I made the additions you suggested above to both routers (switching ip addresses when necessary), and also added the following routes:

Router #1 -- ip route 192.168.201.0 255.255.255.0 xxx.yyy.11.62
Router #2 -- ip route 192.168.101.0 255.255.255.0 xxx.yyy.11.126

So... are the routes I added above not correct? Can you specify a forwarding router's address that isn't directly connected to the router you're adding the route command to?

Reply to
Bryan

A static route should point to a next hop IP address, i.e. the next device along the path. It sounds as though you have another router (or routers) in the middle of #1 and #2. Do the routers in the middle have routes to both private networks? What does "sh ip route" on #1 and #2 show? How are xxx.yyy.11.1 and xxx.yyy.11.65 connected?

Chris.

Reply to
Chris
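Chris's point about next hops can be made concrete with a forwarding-table model. This is an added example, not code from the thread: it does longest-prefix lookup and recursive next-hop resolution (a static route's next hop is itself looked up until a connected route is reached), and it refuses a next hop that is one of the router's own addresses, which is what Router #1's posted route does. Because the thread masks the public addresses as xxx.yyy.11.x, the block uses the constructed documentation range 203.0.113.0/26 and 203.0.113.64/26 in their place; `Router`, `Route`, `resolve` and the interface names are my own.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: Net
    next_hop: Optional[IPv4]          # None for a directly connected route
    interface: Optional[str] = None   # set only on connected routes


@dataclass
class Router:
    name: str
    local_addrs: List[IPv4]
    routes: List[Route] = field(default_factory=list)

    def lookup(self, dest: IPv4) -> Optional[Route]:
        """Longest-prefix match over the table."""
        matches = [r for r in self.routes if dest in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None

    def resolve(self, dest: str, max_depth: int = 8) -> Optional[Tuple[str, IPv4]]:
        """Follow static next hops until a connected route is hit.
        Returns (egress interface, address the frame is actually sent to),
        or None if the destination is unreachable from this router."""
        hop = IPv4(dest)
        for _ in range(max_depth):
            route = self.lookup(hop)
            if route is None:
                return None
            if route.next_hop is None:            # connected: deliver directly
                return route.interface, hop
            if route.next_hop in self.local_addrs:  # a router cannot forward to itself
                return None
            hop = route.next_hop                  # recurse on the next hop
        return None


def connected(prefix: str, iface: str) -> Route:
    return Route(Net(prefix), None, iface)


def static(prefix: str, via: str) -> Route:
    return Route(Net(prefix), IPv4(via))


# Router #1 as described, with constructed public addresses standing in for xxx.yyy.11.x.
R1 = Router("Router1", [IPv4("203.0.113.62"), IPv4("192.168.101.1")], [
    connected("203.0.113.0/26", "Gi0/0"),
    connected("192.168.101.0/24", "Gi0/1"),
    static("0.0.0.0/0", "203.0.113.1"),
    # Fixed version of the site-to-site route: next hop is Router #2's external address.
    static("192.168.201.0/24", "203.0.113.126"),
])

# The route as posted on Router #1: it names Router #1's own external address as the next hop.
R1_AS_POSTED = Router("Router1-as-posted", R1.local_addrs, [
    connected("203.0.113.0/26", "Gi0/0"),
    connected("192.168.101.0/24", "Gi0/1"),
    static("0.0.0.0/0", "203.0.113.1"),
    static("192.168.201.0/24", "203.0.113.62"),
])


if __name__ == "__main__":
    for dst in ("192.168.201.58", "198.51.100.7", "192.168.101.11"):
        print(f"{R1.name}: {dst} -> {R1.resolve(dst)}")
    print(f"{R1_AS_POSTED.name}: 192.168.201.58 -> {R1_AS_POSTED.resolve('192.168.201.58')}")
```

The interesting line of output is the first one: even with the corrected route, 192.168.201.58 resolves to Gi0/0 with 203.0.113.1 as the address the frame is sent to, because 203.0.113.126 is not on a subnet Router #1 is connected to and the lookup falls through to the default route. Whether the packet (and, just as importantly, the reply) gets there then depends entirely on the device at .1 and whatever sits between .1 and .65 carrying routes for both 192.168.x.0/24 networks, which is exactly what Chris is asking about.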

Do you have a third router that connects both of them to the Internet? In that case, the simplest solution is to do all the NAT on the Internet router, not the internal routers.

Reply to
Barry Margolin

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.