Quick NAT question

[Tigerjoe]

I have two 2500 series routers (A and B)connected back to back and one router connected to a cable modem. My question is that if i configure RouterA to use NAT outside on the interface connected to the modem, which interface do i need to configure NAT inside? Will it be the serial interface connected to RouterB or will it be the ethernet interface on RouterB that is connected to my LAN?

I dont have a config since I dont know where to configure NAT.

Thanks for any input.

 

[tschouten]

Yes the Serial interface on A would be your inside interface. There are multiple steps for configuring NAT on a router. You will have to go into each interface at set them up as inside and outside. In your case it would look like this:

routerA(config)interf eth0
routerA(config-if)ip nat outside

(I'm assuming your cable modem is connected via ether 0 on Router A this is why I made it outside. Still being in Router A ethernet 0 interface config mode, these are the next command steps )

RouterA(config-if)interface serial0
(again assuming you have them back to back via serial 0)
RouterA(config-if)ip nat inside
RouterA(config-if)^Z
RouterA#wr mem
(I like to save after configuring you could skip this and do it later)
RotuerA#conf t
(go back to global config area and work on access lists and NAT statements)
RouterA(config)

You would want your config to look similar to this (note this isn’t exactly what you want but it is a point in the general direction, you will want to use the correct IP addresses and what not for your config. Not to mention some info was cut out for brevity)

interface FastEthernet0
ip address 192.168.1.254 255.255.255.0
ip access-group 1 in
ip access-group 1 out
ip nat outside
speed auto
full-duplex
no cdp enable
!
interface Serial0
ip address 216.29.229.218 255.255.255.252
ip nat inside

!
ip nat pool net-2 216.29.229.218 216.29.229.218 netmask 255.255.255.252
ip nat inside source list 1 pool net-2 overload
ip nat inside source static udp 192.168.1.1 53 216.29.229.218 53 extendable
ip nat inside source static tcp 192.168.1.10 80 216.29.229.218 80 extendable
ip nat inside source static tcp 192.168.1.130 3389 216.29.229.218 69 extendable
ip nat inside source static tcp 192.168.1.2 1494 216.29.229.218 1494 extendable
ip nat inside source static tcp 192.168.1.2 3389 216.29.229.218 3389 extendable
ip nat inside source static tcp 192.168.1.130 21 216.29.229.218 21 extendable
ip nat inside source static tcp 192.168.1.1 53 216.29.229.218 53 extendable
ip classless
no ip forward-protocol udp domain
ip route 0.0.0.0 0.0.0.0 216.29.229.217
no ip http server

 

[Packetmaster]

It looks like the IP address used (216.29.229.218) for the Internet should be applied to the Ethernet interface (ip nat outside) in this example and the private address on the serial 0 interface (ip nat inside).

TIP: Also use the
ip nat inside source static tcp 192.168.123.15 80 interface Ethernet 0 80
This will keep translations straight if you are using a "ip address DHCP" command to obtain a leased address on your interface ethernet 0.

 

[Tigerjoe]

Thanks for the info's. Iam trying to apply that to my routers right now. BTW, Iam using IP ADDRESS DHCP command to optain a leased address. Ill write a follow up plus the config after I get everything to ping right. Not everything in my network is working properly right now.

 

[tschouten]

My bad, PacketMaster is correct about my example. Sorry to put misinformation on there.