Your company (Company ABC) makes a new contract with a Partner for a new research project. This requires connectivity between the Research Departments of the two companies.
Unfortunately, both companies uses the same private addressing space, 192.168.0.0/16, for internet network.
In order to perform the connectivity, Network Address Translation needs to be configured, but your partner company does not have a dedicated network team (they outsource the network changes to external parties, when needed) so in order to make this work as soon as possible, the NAT is performed on Company ABC's border router (R2) as shown below:
The target is:
- your company's server 192.168.11.1 will be seen as 172.16.23.1 on the partner side
- partner server 192.168.44.4 will be seen as 192.168.1.4 inside your company's network
Another constraint that exist within your network, is the fact that your border router (R2) is already using the old-style NAT (as apposed to new NVI, NAT Virtual Interface, feature) to hide/translate your internal network behind serial0/0 interface towards the Internet (R5=ISP), so for the moment, you have to use the legacy methods.
Unfortunately, there's something wrong with the new NAT because the connectivity between R1 and R4 is not working.
Here is the troubleshooting that you perform (
R2#deb ip nat detailed IP NAT detailed debugging is on R2# *Mar 1 01:26:24.335: NAT*: o: icmp (192.168.44.4, 3) -> (172.16.23.1, 3) [16] *Mar 1 01:26:24.335: NAT*: s=192.168.44.4->192.168.1.4, d=172.16.23.1 [16] *Mar 1 01:26:24.335: NAT*: s=192.168.1.4, d=172.16.23.1->192.168.11.1 [16] R2# R2#sh ip nat translations Pro Inside global Inside local Outside local Outside global --- --- --- 192.168.1.4 192.168.44.4 icmp 172.16.23.1:3 192.168.11.1:3 192.168.1.4:3 192.168.44.4:3 --- 172.16.23.1 192.168.11.1 --- --- R2#un all
What is the problem?
Post your answer in the 'Comments' section below and subscribe to this blog to get the detailed solution and more interesting quizzes.
Costi is a network and security engineer with over 10 years of experience in multi-vendor environments. He holds a CCIE Routing and Switching certification and is currently pursuing same expert-level certifications in other areas. He believes that the best way to learn and understand networking topics is to challenge yourself to fix different problems, production-wise or lab-type exams. He also enjoys teaching networking and security technologies, whevever there is an opportunity for it.
Comments
comments powered by Disqus