Configure NAT to Enable Communication Between Overlapping Networks
Today I am going to talk about how to configure Network Address Translation (NAT) so that a server and clients on two separate network segments with overlapping IP space can communicate. This situation is usually seen after a network merger.
Two networks with the same IP space are connected across Router A and Router B (here we are using loopbacks to simulate the connected networks). A NAT router between Router A and Router B enables communication between the overlapping IP network spaces.
Traffic Flow
When the clients initiate traffic to the global IP of the server, the traffic hits the NAT router and is forwarded to the server. When the return traffic reaches the NAT router, however, the router fails to forward it, because the server 192.168.1.1 is attached/known on the inside interface.
To fix this, mask (NAT) the outside source traffic as it traverses the NAT router. Enable NAT on the inside and outside interfaces.
Fig 1.1 - NAT Router Design
Configuration
!
interface Ethernet0/0
description Connection to Server
ip address 10.1.0.2 255.255.255.252
ip nat inside
end
!
interface Ethernet0/1
description Connection to Clients
ip address 10.2.0.2 255.255.255.252
ip nat outside
end
!
Configure NAT to translate the inside local address to the inside global address
!
ip nat inside source static 192.168.1.1 10.100.1.1 extendable
!
Now configure a NAT statement to translate the source address of the clients as they hit the NAT outside interface
!
ip nat outside source static network 192.168.1.0 10.100.2.0 /24
!
Routing Configuration
Route for the server. Note that a specific route for the server is configured, pointing towards the LAN (Ethernet0/0)
!
ip route 192.168.1.1 255.255.255.255 Ethernet0/0 10.1.0.1
!
Route for the Client Network
!
ip route 192.168.1.0 255.255.255.0 Ethernet0/1 10.2.0.1
!
Verification
* May 19 11:34:59.963: NAT*: o: icmp (192.168.1.10, 10) -> (10.100.1.1, 10) [42]
* May 19 11:34:59.963: NAT*: s=192.168.1.10->10.100.2.10, d=10.100.1.1 [42]
* May 19 11:34:59.963: NAT*: s=10.100.2.10, d=10.100.1.1->192.168.1.1 [42]
* May 19 11:34:59.963: NAT*: i: icmp (192.168.1.1, 10) -> (10.100.2.10, 10) [42]
* May 19 11:34:59.963: NAT*: s=192.168.1.1->10.100.1.1, d=10.100.2.10 [42]
* May 19 11:34:59.963: NAT*: s=10.100.1.1, d=10.100.2.10->192.168.1.10 [42]
NAT-Router#
* May 19 11:34:59.964: NAT*: o: icmp (192.168.1.10, 10) -> (10.100.1.1, 10) [43]
* May 19 11:34:59.964: NAT*: s=192.168.1.10->10.100.2.10, d=10.100.1.1 [43]
* May 19 11:34:59.964: NAT*: s=10.100.2.10, d=10.100.1.1->192.168.1.1 [43]
* May 19 11:34:59.964: NAT*: i: icmp (192.168.1.1, 10) -> (10.100.2.10, 10) [43]
* May 19 11:34:59.964: NAT*: s=192.168.1.1->10.100.1.1, d=10.100.2.10 [43]
* May 19 11:34:59.964: NAT*: s=10.100.1.1, d=10.100.2.10->192.168.1.10 [43]
NAT-Router#
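The following Python check is an added example, not part of the original article: it audits NAT debug lines in the format shown above against the two static mappings from the configuration and reports any rewrite that disagrees. It assumes "o:" marks a packet arriving on the outside interface and "i:" one arriving on the inside interface, which is consistent with the sample output; the function names and the last sample line are constructed for illustration.

```python
import ipaddress
import re

# Static mappings copied from the configuration on this page.
INSIDE = {"192.168.1.1": "10.100.1.1"}               # inside local -> inside global
OUT_GLOBAL = ipaddress.ip_network("192.168.1.0/24")  # clients' real addresses
OUT_LOCAL = ipaddress.ip_network("10.100.2.0/24")    # clients as seen from the inside
DIRECTION = re.compile(r"NAT\*: ([oi]): ")           # assumed: o = from outside, i = from inside
REWRITE = re.compile(r"s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))?")

def map_host(addr, src_net, dst_net):
    """Network-to-network static NAT: keep the host bits, swap the prefix."""
    ip = ipaddress.ip_address(addr)
    return str(dst_net.network_address + (int(ip) - int(src_net.network_address))) if ip in src_net else None

def expected(direction, field, old):
    """Address the static configuration should produce for one rewrite."""
    if direction == "o":                  # client -> server
        if field == "s":
            return map_host(old, OUT_GLOBAL, OUT_LOCAL)
        return {g: l for l, g in INSIDE.items()}.get(old)
    if field == "s":                      # server -> client
        return INSIDE.get(old)
    return map_host(old, OUT_LOCAL, OUT_GLOBAL)

def audit(lines):
    """Return (line, expected) for every rewrite that disagrees with the config."""
    direction, mismatches = None, []
    for line in lines:
        if d := DIRECTION.search(line):
            direction = d.group(1)
        elif direction and (m := REWRITE.search(line)):
            s_old, s_new, d_old, d_new = m.groups()
            for field, old, new in (("s", s_old, s_new), ("d", d_old, d_new)):
                want = expected(direction, field, old)
                if new is not None and want != new:
                    mismatches.append((line, want))
    return mismatches

# First six lines are from the Verification output; the last one is constructed.
SAMPLE = [
    "* May 19 11:34:59.963: NAT*: o: icmp (192.168.1.10, 10) -> (10.100.1.1, 10) [42]",
    "* May 19 11:34:59.963: NAT*: s=192.168.1.10->10.100.2.10, d=10.100.1.1 [42]",
    "* May 19 11:34:59.963: NAT*: s=10.100.2.10, d=10.100.1.1->192.168.1.1 [42]",
    "* May 19 11:34:59.963: NAT*: i: icmp (192.168.1.1, 10) -> (10.100.2.10, 10) [42]",
    "* May 19 11:34:59.963: NAT*: s=192.168.1.1->10.100.1.1, d=10.100.2.10 [42]",
    "* May 19 11:34:59.963: NAT*: s=10.100.1.1, d=10.100.2.10->192.168.1.10 [42]",
    "NAT*: s=192.168.1.1->10.100.9.9, d=10.100.2.10 [99]",  # constructed bad rewrite
]
```

Note that expected() gives a different answer for source 192.168.1.1 depending on the arrival interface, which is why the direction marker has to be tracked: with overlapping space, the address alone does not identify the host.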