Real life NAT problem

From: Leigh Harrison (ccileigh@gmail.com)
Date: Thu Dec 08 2005 - 15:27:00 GMT-3


All,

Bit long winded this one...

I was asked to configure something for a customer today. My first go
didn't work, but I got it sorted in the end. Only a simple thing, but
I'm not 100% sure why my initial config didn't work.

Problem was this:-

Migrating AD due to a company take over.

network 1
192.168.254.x/24
d/g 192.168.254.254 (adsl internet link)

network 2
192.168.x.x/24 - various /c networks
d/g 192.168.250.254

I had a router delivered to site for me to join the 2 networks. "Nice
easy day" I thought. The router that arrived only had 1 fast ethernet
port. Ok, I thought - I can still sort this no problems - I'm a ccie, me ;)

I connected it like this:-

net 1 -- switch1 -- newrouter -- switch1 -- net2router -- net2

HOWEVER !! Network 2 has a network of 192.168.254.x also.

During the migration, they still need to use their internet link for mail.

New router has only the single connection. I put a secondary ip address
on it, so that it could talk to net2 router.

The network 192.168.254.x in network 2 is connected to the net2router.

I configured newrouter like this:- (I'm doing this from memory, so
excuse the slack code)

! newrouter - single physical port, so a loopback is used as the NAT
! outside interface and policy routing pushes net1->net2 traffic to it
interface FastEthernet0/0
 ip address 192.168.254.200 255.255.255.0
 ip address 1.1.1.1 255.255.255.252 secondary
 ip nat inside
 ip policy route-map NEW
!
interface Loopback0
 ip address 172.16.0.254 255.255.255.0
 ip nat outside
!
! dynamic pool the net1 hosts are translated into
ip nat pool NEW 172.16.0.1 172.16.0.100 netmask 255.255.255.0
ip nat inside source list 101 pool NEW
!
! net1 -> net2 traffic (anything 192.168.254.x going to 192.168.x.x)
access-list 101 permit ip 192.168.254.0 0.0.0.255 192.168.0.0 0.0.255.255
!
route-map NEW permit 10
 match ip address 101
 set interface Loopback0
route-map NEW permit 20
!
ip route 0.0.0.0 0.0.0.0 192.168.254.254
ip route 192.168.0.0 255.255.0.0 1.1.1.2
!
ip telnet source-interface Loopback0
------
net2router had this on it:-

interface FastEthernet0/1
 ip address 1.1.1.2 255.255.255.252
!
ip route 172.16.0.0 255.255.255.0 1.1.1.1

I could telnet on no problems, but when I tried to ping from net 1 to
net 2, no joy. I did a debug on the router and I saw the ping go out
and come back in.

I felt pretty smug that it should work like this, but no joy.

Anyone know why?

LH



This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3