NAT Between - mikerm19/cisco GitHub Wiki

This one is my favorite config for routing between networks and still have most local and internet services work fine. This is technically a double NAT however, which may cause problems with a couple services. Basic FTP and SMB to the ethernet network work fine though.

Credits: Thanks to @jhorvath911 for helping with this one.

Basic version, no additional services (static Token-Ring clients, using ethernet DNS):

interface FastEthernet1/0
 ip address 192.168.10.95 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface TokenRing1/0
 ip address 172.20.0.1 255.255.255.0
 ip nat inside
 ring-speed 16
!
ip forward-protocol spanning-tree any-local-broadcast
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet1/0 overload
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 172.20.0.0 0.0.0.255 any
!

Token-Ring client configuration:

IP Address: 172.20.0.99
Netmask:    255.255.255.0
Gateway:    172.20.0.1
DNS:        192.168.10.2

Note: You can use a DHCP address for the outside interface. This configuration also doesn't give you DHCP or DNS (see below).

---

DHCP and DNS for Token-Ring clients version (Using the DNS server on the ethernet side as a resolver for the router): (The excluded-address range just makes sure clients only get 100-254 as an address, it is optional)

ip dhcp excluded-address 172.20.0.1 172.20.0.99
!
ip dhcp pool tokenring
   network 172.20.0.0 255.255.255.0
   domain-name tokenring.net
   dns-server 172.20.0.1 
   default-router 172.20.0.1 
!
ip name-server 192.168.10.2
!
interface FastEthernet1/0
 ip address 192.168.10.95 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface TokenRing1/0
 ip address 172.20.0.1 255.255.255.0
 ip helper-address 192.168.10.1
 ip nat inside
 ring-speed 16
!
ip forward-protocol spanning-tree any-local-broadcast
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
ip dns server
!
ip nat inside source list 100 interface FastEthernet1/0 overload
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 172.20.0.0 0.0.0.255 any

Token-Ring client configuration:

DHCP