- This topic has 1 reply, 1 voice, and was last updated 1 year, 6 months ago by
ddasal.
- Posts
- ddasalKarma: 15Rank: Padawan
I am trying to understand if I can have a routed network (multiple hops across our environment) between the stratix 5700 doing L2nat and the PLCs we are needing to connect to from the Honeywell EIM (which has no gateway support).
I’ve attached a mock up sample diagram of what we are attempting and it’s not working.
It seems we are struggling with the NAT portion of this config. If we plug in a laptop in place of the EIM, we can ping the real ip address of the PLC just fine (and vise-versa), but after we turn on NAT, if we attempt to ping the L2NAT in the stratix 5700, we are unable to ping the “public” ip address we assign it (in the same subnet as the laptop or EIM device).
Should this work, and we are failing to configure NAT correctly, or is this outside the scope of what the feature set it for?
Here is the config on the 5700:
interface gig1/1
l2nat instance test
switchport mode trunkl2nat instance test
inside from host subnetZ.10 to subnetA.10
outside from host subnetA.1 to subnetB.254 gatewayddasalKarma: 15Rank: PadawanWe were able to find answers to our questions. For L2 NAT to work, we had to keep the same VLAN assignment on both the “inside” and “outside” interfaces (use 1 vlan only).
In order to achieve support for multiple L3 hops between the NAT boundary and the PLCs, we had to switch to a device which supported L3 NAT (traditional NAT from a router or firewall). This may or may not be supported by the vendors, but it was was necessary to make it work.
- You must be logged in to reply to this topic.