Community discussions

MikroTik App
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

NAT subnet rather than out-interface

Thu Nov 06, 2014 8:38 pm

Hi

Could someone confirm whether I have got this right ?

1) I source NAT my local subnet (192.168.1.0/24) without specifying an out-interface
Therefore anything leaving the local LAN will get NAT'ed whatever interface is used to exit the site

2) I only specify an out-interface in my NAT source setup,
Therefore anything exiting through that interface will get NAT'ed

Am I right in assuming that the actual NAT'ing itself, i.e. the readdressing of the packets, will be exactly the same in both instances ?

thanks
yann
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: NAT subnet rather than out-interface

Fri Nov 07, 2014 9:06 am

I think that you have the general idea. Say you have two RFC1918 networks on two different interfaces. You may want to SRC NAT traffic from them both when leaving via the ISP WAN interface but you may not want to SRC NAT traffic between them when the networks communicate with each other. In this case option 2) is desirable.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: NAT subnet rather than out-interface

Fri Nov 07, 2014 9:45 am

it depends on the configuration - there are cases where doing src-nat (masquerade) would yield the same result as src-nat based on source address.

In RouterOS has the possibility to create different configuration to achieve the same result. So, if it works it sticks. Just have to analyze if that is best (least resource intensive way to do this)
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: NAT subnet rather than out-interface

Fri Nov 07, 2014 11:40 am

Thanks Celticcomms and Janisk

My question has to do with a VoIP issue (one-way audio) that one of my clients is
having since I have replaced his Cisco routers with RB951G

The NAT'ed RTP packets exiting his offices apparently don't contain the correct address
and so the remote Asterisk server doesn't seem able to properly forward the return audio

I was wondering whether the manner in which the NAT (masquerade) is configured
could have an influence on the addresses that are registered in the packets

yann

NB
SIP Service helper is switched off
 
User avatar
azurtem
Trainer
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France
Contact:

Re: NAT subnet rather than out-interface

Fri Nov 07, 2014 2:08 pm

Hi

Ok so the company that manages the Asterisk server modified
a parameter to force the VoIP phones to direct (address) all
their traffic via the remote Asterisk server's WAN IP.

Apparently this has always been the mode of operation for
the phones; it is simply, in this case, that the addressing of
the packets seems to have changed.

In their view the Cisco (ASA 5505) routers handled a form
of address rewriting which isn't provided, or should I say,
is handled differently by the RB951G.

So all is well after a week spent hunting for a solution
and sleeping very little; and it feels good, real good.

Thanks for your help
yann

Who is online

Users browsing this forum: awbl, marekm and 61 guests