Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Partly-dynamic / partly-static NAT

Status
Not open for further replies.
jmkelly

jmkelly

IS-IT--Management
May 14, 2002
25
US
For historical reasons, we have to NAT just one of our networks on its way to a colo. Our network is 10.0.0.0/9, the colo's is 10.240.0.0/22, and most of our networks can go through untranslated--but another customer is using 10.1.0.0/22, so we have to translate that one: our 10.1.x.y <=> 10.2.x.y, with x and y remaining constant.
I set that up a couple of weeks ago and it works fine. HOWEVER, when a server at the colo tries to access a printer on our 10.1.0.0/22, it uses the NATted address (as it should), and that address comes right through the "outside" interface and never gets translated.
The problem is, basically, that the only way a translation gets added to the NAT table is when a packet from 10.1.0.0/22 enters the "inside" interface bound for 10.240.0.0/22. I need that to keep happening, but I also need packets from 10.240.0.0/22 entering the "outside" interface to have their destination addresses translated from 10.2.x.y to 10.1.x.y, and again x and y must stay the same.
The only way I see to get this done is to add static NATs for the dozen or two printer addresses, but I really hate to do that--it's ugly and cumbersome. Anyone see another way?
 
Sort by date Sort by votes
In your case your only option would be Static Nat. However, the bigger question is why isn't your network segmented at the colo? Each client of a colo should be in a separate VRF in which there would be no IP overlap and no nat necessary.
 
Upvote 0 Downvote
Brianinms, thanks for the reply. Cisco Tech Support concurs. An interesting difference between the Cisco ASA and its IOS routers: the ASA had no trouble with this, the router....
As to your bigger question, the answer may be that we're passing through an MPLS cloud and the provider is willing to provide only so many layers of VRF. I know that another parallel situation we have, all the clients' traffic is NATted on the way to the colo. The NATting is done on the provider's edge routers.
Anyway, thanks for the help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jmkelly
  • Locked
  • Question
Dynamic routing protocols for catalyst 3850 switches
Replies
4
Views
195
ADB100
ADB100
darktriad
  • Locked
  • Question
Cisco ASA 9.4: Configuring NAT
Replies
0
Views
87
darktriad
darktriad
netguy2000
  • Locked
  • Question
Cisco router 1841 NAT/PAT problem
Replies
0
Views
62
netguy2000
netguy2000
ameyUK
  • Locked
  • Question
Static routes and EIGRP
Replies
1
Views
62
pablo100
pablo100
ngtri
  • Locked
  • Question
Please, need your help to check my configurations. NAT and HSRP
Replies
0
Views
59
ngtri
ngtri

Part and Inventory Search

Sponsor

Back
Top