NAT – STATIC OUTSIDE TO RESOLVE OVERLAPPING ADDRESS ISSUE

There are times when we are required to configure NAT Static outside feature on cisco devices.

Below scenario will help in understanding the requirement of “ip nat outside source static” command.

nat-static-outside-to-resolve-overlapping-address-issue

An existing customer has office location “Site A” which accesses Internet and business applications through the Gateway Router R1 (192.168.123.1). H1 and H2 are hosts which need to access a remote Server (IP = 100.100.100.1) via Gateway Router R1. Default Route is enough for these end systems to reach outside network through default Gateway.

nat-static-outside-to-resolve-overlapping-address-issue(01)

Now, a new site “Site B” is connected to this office through Router R2. Users in Site A (H1 and H2) need access to both Server S1 and S2 however irony being that both use overlapping IP address i.e. both have same IP address of 100.100.100.1.

This is where NAT command reference of “IP nat outside source static” comes to play.

Let’s see approach of how H1 and H2 users can access both Servers without performing much change in network.

Basic config on R1, H1 ,H2 and R2 Devices –

R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.123.1 255.255.255.0

Note – Routers are configured as hosts for testing purpose –
H1(config)#interface FastEthernet0/0
H1(config-if)#ip address 192.168.123.2 255.255.255.0
H1(config-if)#exit
H1(config)#no ip routing
H1(config)#ip default-gateway 192.168.123.1

H2(config)#interface FastEthernet0/0
H2(config-if)#ip address 192.168.123.3 255.255.255.0
H2(config-if)#exit
H2(config)#no ip routing
H2(config)#ip default-gateway 192.168.123.1
<[/su_note]
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 192.168.123.100 255.255.255.0
R2(config)#interface FastEthernet0/1
R2(config-if)#ip address 192.168.23.2 255.255.255.0
R2(config-if)#exit
R2(config)#ip route 10.100.100.0 255.255.255.0 192.168.23.3

Now it’s time to configure R2 and perform NAT such that both the remote Servers S1 and S2 may be reachable. The approach will be to change the IP address of S2 Server from 100.100.100.1 to 192.168.123.4 with help of NAT on R2 where Hosts H1 and H2 will think they are communicating with Server S2 (IP address NATted to 192.168.123.4) on LAN Subnet.

This is how R2 outside NAT configuration will look like –

R2(config)#interface FastEthernet0/0
R2(config-if)#ip nat inside
R2(config)#interface FastEthernet0/1
R2(config-if)#ip nat outside
R2(config-if)#exit
R2(config)#ip nat outside source static 100.100.100.1 192.168.123.4 add-route

Note – keyword here is “add-route” along with nat outside static command. “add-route” will include route for destination 192.168.123.4 towards WAN Side i.e. pointing towards real S2 IP.

The configuration is substantiated by below command –

R2#sh ip nat translations
Pro    Inside global      Inside local       Outside local        Outside global—      —                         —                       192.168.123.4      100.100.100.1
Now time for testing –
Let’s ping Servers from H1 and H2 (For H1 and H2 the Server IPs will be S1 =100.100.100.1 and S2 = 192.168.123.4)
H1#ping 192.168.123.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/69/112 msH1#ping 100.100.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/76/165 ms
H2#ping 192.168.123.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.123.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 49/63/103 msH2#ping 100.100.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 55/67/163 ms
Let’s view the NAT translation on R2 for s=100.100.100.1->192.168.123.4 translation
R2#sh ip nat translation
Pro     Inside global        Inside local           Outside local        Outside global
—       —                           —                           192.168.123.4       100.100.100.1
icmp 192.168.123.3:16  192.168.123.3:16  192.168.123.4:16  100.100.100.1:16
icmp 192.168.123.2:6   192.168.123.2:6      192.168.123.4:6    100.100.100.1:6
Hence , through “IP Nat Outside Source Static” command overlapping IP address problem has been resolved and end systems H1 and H2 are able to simultaneously access both the Servers.

Please follow and like us:

Related Post

Add Comment

Social Media Auto Publish Powered By : XYZScripts.com
Select your currency