Moe,

Thanks for the advice. I understand what you are saying with routing first and NATing second. What I have done is to create a route on the source router of ip route 10.100.0.0 255.255.0.0 192.168.10.130. The real route should be ip route 10.1.0.0 255.255.0.0 192.168.10.130 but as you know, this will cause conflicts. The second thing I need to do is modify my configuration on the destination router to have a 10.100.x.x address on the ethernet interface. That is all fine but the network it attaches to is a 10.1.0.0/16 network.

As with everything NAT, it is all perception and trying to understand where the translation takes place and in which direction it should go confuses me. I know the NAT should happen on the outside interface on the remote router but I am not sure how to set up the configuration.

My first question is how do I get the routing right. The source router has to have a destination network defined on it and the destination router has to have an interface with a network address within that range. OK, so with that set up, I can create a path for traffic to come in on but it can never get out because the destination network range is different than that of the ethernet interface. Is it then necessary to create a secondary address on the destination router's e'net interface?

Secondly, the translation. Since all I really want to do is get my router to send the traffic down the correct path without interfering with other networks, do I really need to use NAT?

Thanks again,

Dazed and confused,
Charles.

Moe Tavakoli wrote:

> I just finished our Extra-Net design and the main focus was to resolve
> overlapping address issues with all of our private-to-private connections
> (point-to-point and tunnel mode VPN). My design called for the resolution of
> addressing issues all on our side. The biggest key to this is that the
> Cisco router will do routing before NATing. What I did was to set aside the
> 172.16.0.0-172.31.255.255 address ranges for this task.
> I extracted the
> 172.29.250.0/24 network addresses and made this our source address
> (destination on the way back) when going into customer nets (this is the
> only item we are forcing onto the customers.) Now the rest of the address
> space I subnetted and set aside for destination addresses requested from our
> network. Once this traffic hits the router which connects to our clients
> the following things happen:
>
> A route determination is made based on the 172.x.x.x destination address on
> the packet, this will make sure that you route the proper traffic to the
> correct client in case of an overlapping issue.
>
> Once the route determination has been made a NAT Inside is performed to the
> source and destination (the source to the 172.29.250.0/24 net and the
> destination to the actual "real" IP of the requested unit on the remote
> end.)
>
> After that the packet is either put onto the wire (in the case of a p-t-p)
> or hits a crypto map (in the case of a VPN)
>
> I have tested this on a router and am implementing this on a Cisco 5008. It
> will not work on the PIX since at this time it does not perform any
> destination NAT (it will in ver. 6)
>
> Hope that helps.
>
> Moe.
>
> -----Original Message-----
> From: Charles Dowling [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 06, 2001 8:20 AM
> To: [EMAIL PROTECTED]
> Subject: NAT
>
> I was wondering if anyone could shed some light on a NAT issue I am
> dealing with. I have a Cisco 3362 router which is used for ISDN
> connectivity. I have several client networks that I connect to and now
> have two clients with similar address ranges. Client A uses a
> 10.1.1.0/24 network and a new client B uses a 10.0.0.0/8 addressing
> scheme with several subnets.
> The routes are as follows:
>
> ip route 10.1.1.0 255.255.255.0 192.168.10.49 (for Client A)
> ip route 10.1.0.0 255.255.0.0 192.168.10.130 (Client B)
>
> You can see why there is a problem because any similar addresses within
> the 10.1.1.x range on both networks, will mean that the router has no
> idea where to send the traffic.
>
> The dialer interface on my end has an address of 192.168.10.1 and the
> BRI interface on the remote router is 192.168.10.130. I have full
> access and control to the router I am dialing in to so making changes is
> quite easy. I am thinking about using Network Address Translation on
> the remote router somehow.
>
> Any suggestions?
>
> Charles.

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
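
A small Python model of the route-first, translate-second order discussed in this thread, added here as an illustration and not written by either poster. It uses the routes quoted in the messages; the 1:1 alias-to-real mapping and all function names are assumptions, and only the destination rewrite is modelled (not the source rewrite or any router configuration).

```python
import ipaddress

# Routes quoted in the thread, plus the alias route proposed for Client B.
ROUTES = [
    ("10.1.1.0/24", "192.168.10.49"),     # Client A
    ("10.1.0.0/16", "192.168.10.130"),    # Client B, real range
    ("10.100.0.0/16", "192.168.10.130"),  # Client B, alias range
]
# Assumed 1:1 static mapping per next hop: alias prefix -> real prefix.
DEST_NAT = {"192.168.10.130": ("10.100.0.0/16", "10.1.0.0/16")}


def lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def translate(dst, next_hop):
    """Rewrite an alias destination to the real one, keeping the host bits."""
    if next_hop not in DEST_NAT:
        return dst
    alias, real = (ipaddress.ip_network(p) for p in DEST_NAT[next_hop])
    addr = ipaddress.ip_address(dst)
    if addr not in alias:
        return dst
    offset = int(addr) - int(alias.network_address)
    return str(real.network_address + offset)


def forward(dst):
    """Route on the address as sent, then translate: (next hop, final dst)."""
    hop = lookup(dst)
    return hop, translate(dst, hop)


if __name__ == "__main__":
    # 10.1.1.20 sent by its real address always matches Client A's /24.
    print(forward("10.1.1.20"))
    # The same Client B host addressed through the alias range.
    print(forward("10.100.1.20"))
```

In this model the overlapping host at Client B is only reachable through the alias prefix, because the more specific /24 wins every lookup on the real address.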

