Solved: Perfect! Good to hear that it

thambright · ‎02-25-2017

I have a new client with same Network as what we are using and would like to see if there is a way to connect to a few devices on the client side without configuring anything on their router. Is there a way to NAT on my side so I am routing from my Nexus to the NAT'ed ip's?

Layout is Network A = 10.1.1.0/24 connects through Nexus Switch (routing) to RouterA on interface g0/0 = 10.1.201.1/24. RouterA interface g0/1 = 172.20.20.1/30 MPLS running BGP connects to client RouterB = interface g0/1 = 172.20.20.2/30. RouterB = interface g0/0 = 10.1.1.0/24

I had originally thought I may need a second router on my Network A side but was not sure. Any help/advice would be appreciated.

Francesco Molino · ‎02-25-2017

Hi

Yes, you're right, you will need a router in between that natting what arrives from outside and what arrives in its inside.

the router command for natting inside (your subnet) to for example 192.168.3.0/24 would be:

ip nat inside source static network 10.1.1.0 192.168.3.0 /24

And for the outside (other end) to 192.168.4.0/24, it would be:

ip nat outside source static network 10.1.1.0 192.168.4.0 /24

Is that make sense?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎02-25-2017

Hi

Yes, you're right, you will need a router in between that natting what arrives from outside and what arrives in its inside.

the router command for natting inside (your subnet) to for example 192.168.3.0/24 would be:

ip nat inside source static network 10.1.1.0 192.168.3.0 /24

And for the outside (other end) to 192.168.4.0/24, it would be:

ip nat outside source static network 10.1.1.0 192.168.4.0 /24

Is that make sense?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

thambright · ‎02-27-2017

Thanks Francesco, with some additional routing and your suggestion I was able to get this working perfectly. For my production side I only needed two static NAT connections to the client side. I was able to make this work by injecting an additional router between our Nexus Switch and RouterA.

RouterA1 NAT's,

ip nat inside source static 10.1.1.50 10.20.20.50

ip nat outside source static 10.1.1.18 10.20.20.18

Layout is Network A = 10.1.1.0/24 connects through Nexus Switch (routing) to RouterA1 on interface g0/0 = 10.1.201.2/24. RouterA1 interface g0/1 = 10.20.20.2/24 connect to RouterA interface g0/0 = 10.20.20.1/24. RouterA interface g0/1 = 172.20.20.1/30 MPLS running BGP connects to client RouterB = interface g0/1 = 172.20.20.2/30. RouterB = interface g0/0 = 10.1.1.0/24

By setting it up this way the 10.20.20.0/24 network is automatically in the BGP table since its a connected interface. The inside nat is my IP address translating to 10.20.20.50 on the way out to the client side. The outside nat is the translation for the device on the client side to the 10.20.20.18 ip so that from my side I can route any 10.20.20.0/24 traffic to the RouterA1.

Francesco Molino · ‎02-27-2017

Perfect! Good to hear that it worked.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Overlapping Network NAT Question