<NAT translation from a sourced network to a destination network>
Ok here we go. I know the subject is a little ambiguous, please allow me to explain.

I have a network of 192.168.1.0/24 and I need it to reach a network 10.0.1.0/27 only when it needs to be accessed by specific machines that reside on the 192.168.1.0/24 network.

192.168.1.10 -> NAT -> 10.0.1.10 -> route that packet to 10.0.1.1.

I only want specific hosts to route to that specific /27 network.

Any help would be appreciated. So far what I have gathered is only for VPN connections but I do not want to build a VPN. Thank you again in advance.

Michael Ruiz
Network Engineer

"If you tell people where to go, but not how to get there, you'll be amazed at the results." -- General George S. Patton Jr.

Do you mean you want certain addresses on /24 to NAT out to /27, but not all of them? Sounds like an ACL will do:
http://articles.techrepublic.com.com/5100-10878_11-1039094.html

-ak

On Fri, Jun 18, 2010 at 4:13 PM, Mike Ruiz <mruiz@lstfinancial.com> wrote:
> Ok here we go. I know the subject is a little ambiguous, please allow me to explain.
> I have a network of 192.168.1.0/24 and I need it to reach a network 10.0.1.0/27 only when it needs to be accessed by specific machines that reside on the 192.168.1.0/24 network.
> 192.168.1.10 -> NAT -> 10.0.1.10 -> route that packet to 10.0.1.1.
> I only want specific hosts to route to that specific /27 network.
> Any help would be appreciated. So far what I have gathered is only for VPN connections but I do not want to build a VPN. Thank you again in advance.
> Michael Ruiz
> Network Engineer
> "If you tell people where to go, but not how to get there, you'll be amazed at the results." -- General George S. Patton Jr.

--
Andrey Khomyakov [khomyakov.andrey@gmail.com]

Also this 192.168.1.0/24 needs to have access to my other prefixes. It only needs to be NAT'd when it needs to connect to that specific network.

From: Andrey Khomyakov [mailto:khomyakov.andrey@gmail.com]
Sent: Friday, June 18, 2010 3:25 PM
To: Mike Ruiz
Cc: nanog@nanog.org
Subject: Re: <NAT translation from a sourced network to a destination network>

> Do you mean you want certain addresses on /24 to NAT out to /27, but not all of them? Sounds like an ACL will do:
> http://articles.techrepublic.com.com/5100-10878_11-1039094.html
> -ak

> 192.168.1.10 -> NAT -> 10.0.1.10 -> route that packet to 10.0.1.1.
> I only want specific hosts to route to that specific /27 network.

Cisco's route-map can do this (policy based routing .. define an ACL to match and then route accordingly):
https://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008...

Cheers,
Michael Holstein
Cleveland State University

Depending on your vendor equipment you'll need an ACL or a route map to define the traffic you wish to NAT and apply it to the 'nat engine'. If you are doing this on Cisco ASA or similar it might look something like this:

- define the interesting traffic with an ACL:

    access-list 110 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.31
    access-list 110 deny ip any any

- create a route-map:

    route-map natme permit 10
     match ip address 110

- apply the map:

    ip nat inside source route-map natme interface GigabitEthernet0/1 overload

Hope that helps.

-g

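The ACL matching behind the config above, as an added example (not code from any poster in the thread): it evaluates the posted access-list 110 against constructed flows and compares it with a host-scoped variant, which is an assumption based on the original request to translate only specific hosts. It models only which traffic the route-map selects for NAT, not the translation itself; `HOST_ACL`, `FLOWS` and the function names are hypothetical.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok):
    # One IOS address spec: 'any', 'host A', or 'A WILDCARD' -> (base, wildcard)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (ip(tok[1]), 0), tok[2:]
    return (ip(tok[0]), ip(tok[1])), tok[2:]

def parse_acl(text):
    # Handles only 'access-list N permit|deny ip SRC DST' lines
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, rest = parse_addr(tok[4:])
        dst, _ = parse_addr(rest)
        rules.append((tok[2], src, dst))
    return rules

def matches(spec, addr):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
    return (addr & care) == (base & care)

def is_natted(rules, src, dst):
    # First matching entry wins; no match means implicit deny (no NAT)
    for action, s, d in rules:
        if matches(s, ip(src)) and matches(d, ip(dst)):
            return action == "permit"
    return False
THREAD_ACL = """
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.0.1.0 0.0.0.31
access-list 110 deny ip any any
"""
# Assumed variant (not from the thread): only host 192.168.1.10 is translated
HOST_ACL = """
access-list 110 permit ip host 192.168.1.10 10.0.1.0 0.0.0.31
access-list 110 deny ip any any
"""
# Constructed sample flows (source, destination)
FLOWS = [("192.168.1.10", "10.0.1.1"), ("192.168.1.77", "10.0.1.30"),
         ("192.168.1.10", "10.0.1.32"), ("192.168.1.10", "172.16.5.5")]
def decisions(acl_text):
    rules = parse_acl(acl_text)
    return [is_natted(rules, s, d) for s, d in FLOWS]
```

With the posted ACL every host in 192.168.1.0/24 is selected for NAT toward 10.0.1.0 through 10.0.1.31; the host-scoped variant selects only 192.168.1.10, and traffic to any other prefix is left untranslated in both cases.
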
participants (4)
- Andrey Khomyakov
- Greg Whynott
- Michael Holstein
- Mike Ruiz