NAT pool with multiple public IP-addresses

daan5000 Posts: 34 Member
Hi there

I'm doing some labs with different forms of Network Address Translation. I'm trying to create a scenario in which I use a pool of public IP-addresses so that if one public IP-address runs out of port numbers, a second or a third one can take over. I know this is a very common situation in company networks, but because I only have GNS3 to practice with I'm not able to test if my configuration works.


On NAT-router I defined an access list of inside local addresses:

NAT-router(config)#ip access-list standard NAT_INSIDE_ADDRESSES
NAT-router(config-std-nacl)#permit 192.168.1.0 0.0.0.255

Next I defined a pool of outside local addresses:

NAT-Router(config)#ip nat pool OUTSIDE_PUBLIC 200.1.1.2 200.1.1.10 netmask 255.255.255.0

I enabled NAT on the inside and outside interfaces:

NAT-router(config)#int f1/0
NAT-router(config-if)#ip nat inside
NAT-router(config)#int f2/0
NAT-router(config-if)#ip nat outside

Then I enabled NAT with the following command:

NAT-Router(config)#ip nat inside source list NAT_INSIDE_ADDRESSES pool OUTSIDE_PUBLIC overload

I'm not really sure which IP-address I have to configure on the outside NAT interface. In this lab all addresses between 200.1.1.2 and 200.1.1.10 can be used as public IP-addresses. Does it matter which of these IP-addresses I configure on the outside interface? Or do I have to use subinterfaces for each public IP-address?

Thanks

Daan

Comments

  • creamy_stew Posts: 406 Member
    Shouldn't matter which IP you use on the outside if.

    You could even use a completely different network between NAT-router and ISP-router as long as there is a route for the 200.1.1.0/24 network pointing to the outside if of the NAT-router.

    /creamy
    Itchy... Tasty!
    [X] DCICN
    [X] IINS

    [ ] CCDA
    [ ] DCICT
  • tecnodog7 Posts: 129 Member
    Like creamy mentioned, once you have defined the IP address pool for IP NAT outside, it will go one by one.

    So for example, your first IP address is 200.1.1.2, so this will be used until all the ports are exhausted.
    Then 200.1.1.3, and so on and so forth.
  • creamy_stew Posts: 406 Member
    Well, I didn't mention that, but it's true, nonetheless :)

  • tecnodog7 Posts: 129 Member
    Well, I didn't mention that, but it's true, nonetheless :)

    /creamy

    Oh oops, sorry creamy to misquote you, what I really meant was on TOP of what CREAMY said.
    I don't want to put words in your mouth, especially if I'm saying wrong stuff.

    But in this case I was right, so I was spared, hehe.
  • daan5000 Posts: 34 Member
    Thank you very much. Exactly the information I needed :)
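
One way to check in a lab which pool addresses are actually in use: the added Python example below (not part of the original thread) parses the text of `show ip nat translations` and counts translations per inside global address. The sample output is constructed; the pool range, inside network and names come from the original post.

```python
import ipaddress
import re

# Constructed sample of `show ip nat translations` output, not a real capture.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 200.1.1.2:1024     192.168.1.10:1024  203.0.113.5:80     203.0.113.5:80
tcp 200.1.1.2:1025     192.168.1.11:1024  203.0.113.5:80     203.0.113.5:80
udp 200.1.1.2:4500     192.168.1.12:4500  203.0.113.9:53     203.0.113.9:53
icmp 200.1.1.2:7       192.168.1.10:7     203.0.113.5:7      203.0.113.5:7
tcp 200.1.1.3:1024     192.168.1.13:1024  203.0.113.5:443    203.0.113.5:443
"""

# Values taken from the original post.
POOL_FIRST = ipaddress.ip_address("200.1.1.2")
POOL_LAST = ipaddress.ip_address("200.1.1.10")
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")

# protocol, inside global ip:port, inside local ip:port
ROW = re.compile(r"^(tcp|udp|icmp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s")


def summarize(text):
    """Return (usage per inside global address, list of problems found)."""
    usage, problems = {}, []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank lines, port-less static entries
        _proto, g_ip, _g_port, l_ip, _l_port = m.groups()
        if not POOL_FIRST <= ipaddress.ip_address(g_ip) <= POOL_LAST:
            problems.append(f"{g_ip} is outside pool OUTSIDE_PUBLIC")
        if ipaddress.ip_address(l_ip) not in INSIDE_NET:
            problems.append(f"{l_ip} is not permitted by NAT_INSIDE_ADDRESSES")
        entry = usage.setdefault(g_ip, {"entries": 0, "hosts": set()})
        entry["entries"] += 1
        entry["hosts"].add(l_ip)
    return usage, problems


if __name__ == "__main__":
    usage, problems = summarize(SAMPLE)
    for addr in sorted(usage, key=ipaddress.ip_address):
        u = usage[addr]
        print(f"{addr}: {u['entries']} translations, {len(u['hosts'])} inside hosts")
    for p in problems:
        print("WARNING:", p)
```

Paste the router's output in place of SAMPLE; an address from the pool other than 200.1.1.2 appearing in the summary shows that a second pool address has been taken into use.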