NAT over Frame Relay

[packetjunkie]

I'm trying to NAT a FR circuit with 3 sub interfaces. I do not want to route our business partner's address space on our network. Can anyone provide a working config on how to accomplish this? I have set this up in a lab scenario using a pool of NAT addresses but connectivity only works if it's innitiated from the outside. I would also like be able to ping them from the inside, but unless a translation already exists in the NAT table, this does not seem possible. Can this even be done as such??

interface Ethernet0
description To LAN
ip address 10.x.x.x 255.255.254.0
no ip redirects
no ip unreachables
ip nat inside
no cdp enable

interface Serial0
description To ACME
no ip address
no ip redirects
no ip unreachables
encapsulation frame-relay IETF
no ip route-cache
no ip mroute-cache
frame-relay lmi-type ansi

interface Serial0.1 point-to-point
description Link to (.65)
ip address 10.210.210.66 255.255.255.252
ip access-group XXX in
ip nat outside
no ip route-cache
no ip mroute-cache
no cdp enable
frame-relay interface-dlci 18
!
interface Serial0.2 point-to-point
description Link to (.81)
ip address 10.2.2.82 255.255.255.252
ip access-group XXX in
ip nat outside
no ip route-cache
no ip mroute-cache
no cdp enable
frame-relay interface-dlci 17
!
interface Serial0.3 point-to-point
description Link to (.70)
ip address 10.210.210.69 255.255.255.252
ip access-group XXX in
ip nat outside
no ip route-cache
no ip mroute-cache
no cdp enable
frame-relay interface-dlci 19

router eigrp 10
redistribute static
network 10.0.0.0
distribute-list 3 out Ethernet0
no auto-summary
eigrp log-neighbor-changes
!
ip nat pool test 10.20.31.193 10.20.31.254 netmask 255.255.255.192
ip nat outside source list 8 pool test
ip route 10.20.31.192 255.255.255.192 Serial0

Your suggestions, comments, and even ridicule are appreciated!

-PJ

 

[jeter]

Which interface is to the internet? That would be the ip nat outide and all other interfaces will have ip nat inside. Know its to early and I do not recall the ip nat source line I will check it out this morning and get back to you ASAP. Jeter@LasVegas.com
Fisher CCNA,(Routing)

 

[packetjunkie]

Jeter,

Serial0 is to the Internet. As you can see above, it is configured as the outside NAT. Ethernet0 is configured as the inside NAT. I'm basically trying not to route the 10.210.x.x. and 10.2.x.x address ranges on our network. That is why I am NAT'ing them inbound. Any connections innitiated from the outside will appear as 10.20.31.x addresses. However, if I try to innitiate a connection from the inside, it won't work because a ping to 10.210.x.x or 10.2.x.x does'nt know where to go. Still with me?

-PJ

 

[jeter]

its looks like you need to add an access-list

access-list 1 permit any

add this statement and remove the other nat statements

ip nat inside source list 1 interface serial0 overload


ip nat inside needs to be on the ethernet ports and the inbound serial interfaces, ip nat outside should be the internet serial0 interface that you indicated.
Jeter@LasVegas.com
Fisher CCNA,(Routing)