Cisco 2600 NAT problem

[JJ1]

All,

I'm a beginner to NAT/Cisco and I was hoping someone could give me some advice on NAT. The set up is as follows:

- Network 1 (10.97.83.0) - Interface fa0/1
- Network 2 (192.168.200.0) - Interface fa0/0

A machine in network 1 (10.97.83.251) needs to connect on port 3389 (MS RDP) to a machine on network 2 (192.168.200.12).

Network 1 does not know the address strucutre of Network 2, so we have created an address, 10.97.83.1 for the client machine in Network 1 to connect to. The NAT router should then work the magic (or not!)...

Here is the running-config on the NAT router:

...
!
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.252
[red]ip nat outside[/red]
speed 100
full-duplex
no cdp enable
!
interface FastEthernet0/1
ip address 10.97.83.11 255.255.255.0
[red]ip nat inside[/red]
speed 100
full-duplex
![red]
ip nat outside source static 192.168.200.19 10.97.83.251
ip nat outside source static 192.168.200.19 10.97.83.4
ip nat outside source static 192.168.200.26 10.97.83.10
ip nat outside source static 192.168.200.25 10.97.83.9
ip nat outside source static 192.168.200.24 10.97.83.8
ip nat outside source static 192.168.200.23 10.97.83.7
ip nat outside source static 192.168.200.22 10.97.83.6
ip nat outside source static 192.168.200.21 10.97.83.5
ip nat outside source static 192.168.200.18 10.97.83.3
ip nat outside source static 192.168.200.13 10.97.83.2
ip nat outside source static 192.168.200.12 10.97.83.1[/red]
ip classless
[red]ip route 192.168.200.0 255.255.255.0 10.0.0.2[/red]
no ip http server
!
!
...
end

Now, I have never configured NAT before, so my first thought was to try "debug ip nat detail":
[red]
*IP: NAT enab = 1 trans = 0 flags = 80
*IP: s=10.97.83.251 (FastEthernet0/1), d=10.97.83.1 (FastEthernet0/1), len 48, rcvd 3
*NAT: o: tcp (10.97.83.1, 3389) -> (10.97.83.251, 10239) [41432]
*IP: s=10.97.83.1 (local), d=10.97.83.251 (FastEthernet0/1), len 40, sending
[/red]

Would anyone be able to help me with this debug? What does "trans = 0" mean? What does the third line mean?

It looks to me as though the NAT translation table is not being referenced?

Do I have something wrong with my NAT statements?

Any help at all would be very much appreciated ;-)

Thanks in advance to anyone who replys.

All the best,

James.

 

[rsivanandan]

Hi James,

I am not sure I understood your question correctly! It seems to me that you have 2 private networks connected through a router and you want them to talk to each other. All you need to do is to connect these networks to the router and thats it. The router will do the routing and you don't need any Natting! Please refer to the configuration below; Also please let me know if I am missing something on your scenario;

...
!
!
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
speed 100
full-duplex
no cdp enable
!
interface FastEthernet0/1
ip address 10.97.83.11 255.255.255.0
speed 100
full-duplex
!
no ip http server
!
!
...
end


Here for the router both the networks are connected and so you don't need a routing protocol or a default gateway.

Hope this helps!

Cheers,
Rajesh

 

[JJ1]

Hi Rajesh,

Thanks for the reply. The two networks are actually seperate companies who do not want to 'see' the insides of each other's network.

I've actually solved the problem and will post the two solutions tomorrow. The NAT table posted above is correct, but I needed to add a manual route statement for each NAT table entry.

If you look at the debug results above, you can see that packets arriving through interface fa0/1 are sent straight back along the same interface, hence the need for additional routing statements.

More info to follow...


Thanks,

James.