Nat Address Translation - Weidmuller IE-SR-2GT-LAN Manual

A4 - Connecting 2 Ethernet networks with the same IP address range to
another network using 1:1 NAT address translation
This Technical Note applies to the Weidmüller Industrial Router IE-SR-2GT-LAN and IE-SR-2GT-UMTS/3G
Application scenario:
There are 2 machine networks and one upper-level production network. Each machine network is connected to the pro-
duction network by a security Router. The production network itself is connected to the corporate network via its own
Router. Both machine networks have the same IP address range 192.168.1.0 of type class C: The production network
uses the IP address range 172.16.1.0 of type class B.
Task and solution:
Each Ethernet device of all 3 networks shall have the possibility to communicate with each other. For this reason it is
necessary that each of the machine networks – both configured with the same IP address range - must be translated to
unique IP addresses. This can be done by using the network IP address translation feature "1:1 NAT" of the Router.
1:1 NAT means that IP addresses (private) of devices connected to the LAN port, internally will be translated to a new IP
address (public) if they communicate with IP addresses connected to the WAN network. From the perspective of the
WAN network each device of the LAN network is only known and addressable by its public IP address. In the case of
incoming data from WAN network (outgoing to LAN) the destination IP addresses (public) of LAN network automatically
will be translated from their public into their private IP address.
Production network 172.16.1.0 (Class B)
PC 1
172.16.1.20
255.255.0.0
GW: 172.16.1.254
Switched Production network 172.16.1.0 / 16 (Class B)
WAN-Port
Router 1
172.16.1.252
255.255.0.0
GW:172.16.1.254
Public IP address / subnet
of LAN-Port
192.168.20.254 / 255.255.255.0
1:1 NAT activated for LAN port.
Private network 192.168.1.0/24 will be mapped to public network
192.168.20.0/24 (e.g. 192.168.1.100 ß 192.168.20.100)
Machine network 1 / 192.168.1.0 / 24 (Class C)
Machine 1 Machine 2
192.168.1.100
192.168.1.101
255.255.255.0
255.255.255.0
GW 192.168.1.254
GW 192.168.1.254
Machine network 1: 192.168.1.0 (Class C)
Machine networks 1 and 2 uses the same IP address range
Copyright © 2013 Weidmüller Interface GmbH & Co. KG
All rights reserved. Reproduction without permission is prohibited.
Switched Corporate network 10.1.1.0 / 16 (Class B)
Server 1
172.16.1.21
255.255.0.0
GW: 172.16.1.254
Networks 1 and 2 can communicate
with each other by Routers 1 and 2 via
Default-Gateway 172.16.1.254
pointing to Router 3
Private IP address / subnet
of LAN-Port
192.168.1.254 / 255.255.255.0
Machine 3
192.168.1.102
255.255.255.0
GW 192.168.1.254
Configuration of Default-Gateway
WAN-Port
according to corporate network
10.1.1.254
parameters (not necessary in this
255.255.0.0
example)
LAN-Port
Router 3
172.16.1.254
255.255.0.0
These static routes has to be
HMI 1
configured at Router 3 that devices of
172.16.1.22
network 1 can communicate with
255.255.0.0
devices of network 2 and vice versa.
GW: 172.16.1.254
192.168.20.0 / 24 via 172.16.1.252
192.168.21.0 / 24 via 172.16.1.253
WAN-Port
Router 2
172.16.1.253
255.255.0.0
GW:172.16.1.254
Public IP address / subnet
of LAN-Port
192.168.21.254 / 255.255.255.0
1:1 NAT activated for LAN port.
Private network 192.168.1.0/24 will be mapped to public network
192.168.21.0/24 (e.g. 192.168.1.100 ß 192.168.21.100)
Machine network 2 / 192.168.1.0 / 24 (Class C)
Machine 1 Machine 2
192.168.1.100
192.168.1.101
255.255.255.0
255.255.255.0
GW 192.168.1.254
GW 192.168.1.254
Machine network 2: 192.168.1.0 (Class C)
Private IP address / subnet
of LAN-Port
192.168.1.254 / 255.255.255.0
Machine 3
192.168.1.102
255.255.255.0
GW 192.168.1.254
70 / 103