network - snat

asked 2017-02-08 03:04:37 -0500

2707974

I wish to have one tenant and two external networks on the router.

On one external network I have NAT, but not on the second external network. I need NAT enabled on both networks.

The first network, with NAT enabled and named External Network, is for internet access. The second network is for a trunk, a direct dedicated connection from the tenant router to a far-end resource. In short, I have an L2 tunnel on my hardware equipment and tag packets with VLAN ID 1804. That traffic must be passed to the tenant router.

I created ProNet and the setup is correct and working.

ProNet uses the 172.18.4.0/24 network.

The interface on the tenant router connected to that network has IP 172.18.4.1.

From the tenant router I can access the far-end resource on IP 172.18.4.250. But without NAT, the instance presents itself with an IP from network 172.20.0.0/24.

The far-end resource does not have a route for the 172.20.0.0/24 network but has a route for the 172.18.4.0/24 network.

For me the easiest is to enable NAT on the tenant router interface used to access the far-end resource, in my case the network named ProNet.

The second working solution is to put a route on the far-end resource:

172.20.0.0/24 via 172.18.4.250

I want to avoid far-end resource configuration, i.e. adding a route. Because of that I need NAT on the router interface. In that case traffic from the instance on 172.20.0.0/24 will be NATed to 172.18.4.1 and I do not need to add a route to the far-end resource.

Configuration:

Tenant network: 172.20.0.0/24

External Network: xxx.xxx.223.14 – on port

ProNet: 172.18.4.0/24

Traffic flows:

To internet

172.20.0.140 -> 172.20.0.1 -> nat -> xxx.xxx.223.14 -> internet

To far end

172.20.0.140 -> 172.20.0.1 -> no nat -> 172.18.4.1 -> 172.18.4.250

On this flow I need nat.
