I just finished our Extra-Net design and the main focus was to resolve overlapping address issues with all of our private-to-private connections (point-to-point and tunnel mode VPN). My design called for the resolution of addressing issues all on our side. The biggest key to this is that the Cisco router will do routing before NATing.

What I did was to set aside the 172.16.0.0-172.31.255.255 address ranges for this task. I extracted the 172.29.250.0/24 network addresses and made this our source address (destination on the way back) when going into customer nets (this is the only item we are forcing onto the customers). The rest of the address space I subnetted and set aside for destination addresses requested from our network.

Once this traffic hits the router which connects to our clients, the following things happen:

A route determination is made based on the 172.x.x.x destination address on the packet; this will make sure that you route the proper traffic to the correct client in case of an overlapping issue.

Once the route determination has been made, a NAT Inside is performed on the source and destination (the source to the 172.29.250.0/24 net and the destination to the actual "real" IP of the requested unit on the remote end).

After that the packet is either put onto the wire (in the case of a p-t-p) or hits a crypto map (in the case of a VPN).

I have tested this on a router and am implementing this on a Cisco 5008. It will not work on the PIX since at this time it does not perform any destination NAT (it will in ver. 6).

Hope that helps.

Moe.

-----Original Message-----
From: Charles Dowling [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 06, 2001 8:20 AM
To: [EMAIL PROTECTED]
Subject: NAT

I was wondering if anyone could shed some light on a NAT issue I am dealing with. I have a Cisco 3362 router which is used for ISDN connectivity. I have several client networks that I connect to and now have two clients with similar address ranges.
Client A uses a 10.1.1.0/24 network and a new client B uses a 10.0.0.0/8 addressing scheme with several subnets. The routes are as follows:

    ip route 10.1.1.0 255.255.255.0 192.168.10.49 (for Client A)
    ip route 10.1.0.0 255.255.0.0 192.168.10.130 (Client B)

You can see why there is a problem because any similar addresses within the 10.1.1.x range on both networks will mean that the router has no idea where to send the traffic. The dialer interface on my end has an address of 192.168.10.1 and the BRI interface on the remote router is 192.168.10.130. I have full access and control to the router I am dialing in to so making changes is quite easy. I am thinking about using Network Address Translation on the remote router somehow. Any suggestions?

Charles.
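
The order of operations described in the reply (route on a per-client 172.x alias, then rewrite source and destination), modelled against the two routes from the original question. This is an added example, not code or configuration from either poster; the alias blocks 172.16.1.0/24 and 172.17.0.0/16 and the inside network 192.168.1.0/24 are assumptions chosen for illustration.

```python
import ipaddress as ip

# The two static routes from the question: prefix -> next hop.
ROUTES = {
    ip.ip_network("10.1.1.0/24"): "192.168.10.49",   # Client A
    ip.ip_network("10.1.0.0/16"): "192.168.10.130",  # Client B
}

# Hypothetical alias blocks carved from 172.16.0.0/12, one per client:
# alias prefix -> (next hop, real prefix at the remote end).
ALIASES = {
    ip.ip_network("172.16.1.0/24"): ("192.168.10.49", ip.ip_network("10.1.1.0/24")),
    ip.ip_network("172.17.0.0/16"): ("192.168.10.130", ip.ip_network("10.1.0.0/16")),
}
SRC_POOL = ip.ip_network("172.29.250.0/24")  # source range named in the reply
INSIDE = ip.ip_network("192.168.1.0/24")     # hypothetical local network


def lookup(table, dst):
    """Longest-prefix match; returns (prefix, value) or None."""
    dst = ip.ip_address(dst)
    hits = [net for net in table if dst in net]
    if not hits:
        return None
    best = max(hits, key=lambda net: net.prefixlen)
    return best, table[best]


def rebase(addr, old, new):
    """Keep the host offset of addr within old and move it into new."""
    offset = int(ip.ip_address(addr)) - int(old.network_address)
    if not 0 <= offset < min(old.num_addresses, new.num_addresses):
        raise ValueError(f"{addr} cannot be mapped from {old} into {new}")
    return str(new.network_address + offset)


def forward(src, dst):
    """Route on the alias destination first, then translate both addresses."""
    hit = lookup(ALIASES, dst)
    if hit is None:
        raise LookupError(f"no client owns alias {dst}")
    alias, (next_hop, real) = hit
    return next_hop, rebase(src, INSIDE, SRC_POOL), rebase(dst, alias, real)
```

With the original routes, 10.1.1.5 always resolves to Client A's next hop, so the same address at Client B is unreachable; with aliases, 172.16.1.5 and 172.17.1.5 both end up as 10.1.1.5 but leave through different next hops.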

