NAT pool with multiple public IP-addresses
daan5000
Member Posts: 34
in CCNA & CCENT
Hi there
I'm doing some labs with different forms of Network Address Translation. I'm trying to create a scenario in which I use a pool of public IP addresses, so if one public IP address runs out of port numbers, a second or a third one can take over. I know this is a very common situation in company networks, but because I only have GNS3 to practice with, I'm not able to test if my configuration works.
On NAT-router I defined an access list of inside local addresses:
NAT-router(config)#ip access-list standard NAT_INSIDE_ADDRESSES
NAT-router(config-std-nacl)#permit 192.168.1.0 0.0.0.255
Next I defined a pool of outside local addresses:
NAT-Router(config)#ip nat pool OUTSIDE_PUBLIC 200.1.1.2 200.1.1.10 netmask 255.255.255.0
I enabled NAT on the inside and outside interfaces:
NAT-router(config)#int f1/0
NAT-router(config-if)#ip nat inside
NAT-router(config)#int f2/0
NAT-router(config-if)#ip nat outside
Then I enabled NAT with the following command:
NAT-Router(config)#ip nat inside source list NAT_INSIDE_ADDRESSES pool OUTSIDE_PUBLIC overload
I'm not really sure which IP address I have to configure on the outside NAT interface. In this lab all addresses between 200.1.1.2 and 200.1.1.10 can be used as public IP addresses. Does it matter which of these IP addresses I configure on the outside interface? Or do I have to use subinterfaces for each public IP address?
Thanks
Daan
Comments
creamy_stew Member Posts: 406
Shouldn't matter which IP you use on the outside if.
You could even use a completely different network between NAT-router and ISP-router as long as there is a route for the 200.1.1.0/24 network pointing to the outside if of the NAT-router.
/creamy
tecnodog7 Member Posts: 129
Like creamy mentioned, once you have defined the IP address pool for IP NAT outside, it will go one by one.
So for example, your first IP address is 200.1.1.2, so this will be used until all the ports are exhausted.
Then 200.1.1.3 and so on and so forth.
creamy_stew Member Posts: 406
Well, I didn't mention that, but it's true, nonetheless.
/creamy
tecnodog7 Member Posts: 129
creamy_stew wrote: » Well, I didn't mention that, but it's true, nonetheless
/creamy
Oh oops, sorry creamy to misquote you, what I really meant was on TOP of what CREAMY said.
I don't want to put words in your mouth, especially if I'm saying wrong stuff.
But in this case I was right, so I was spared hehe.
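The setup discussed in this thread, written out as a complete lab configuration. This is an added example, not posted by any participant. It assumes a 10.0.0.0/30 transit link between NAT-router and ISP-router, an inside address of 192.168.1.1, and the ISP interface name FastEthernet0/0; none of these come from the thread. The Null0 route is also an addition: it discards traffic to 200.1.1.0/24 addresses that have no translation instead of bouncing it back to the ISP over the default route.

```cisco
! ---------- NAT-router ----------
! Inside local addresses that may be translated
ip access-list standard NAT_INSIDE_ADDRESSES
 permit 192.168.1.0 0.0.0.255
!
! Pool of public addresses; "overload" enables PAT across the pool
ip nat pool OUTSIDE_PUBLIC 200.1.1.2 200.1.1.10 netmask 255.255.255.0
ip nat inside source list NAT_INSIDE_ADDRESSES pool OUTSIDE_PUBLIC overload
!
interface FastEthernet1/0
 ! assumed inside address
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet2/0
 ! assumed transit link: not part of the 200.1.1.0/24 pool network
 ip address 10.0.0.1 255.255.255.252
 ip nat outside
!
! Default route towards the ISP (assumed next hop)
ip route 0.0.0.0 0.0.0.0 10.0.0.2
! Return traffic is un-translated before the route lookup, so only
! packets without a matching translation reach this discard route
ip route 200.1.1.0 255.255.255.0 Null0
!
! ---------- ISP-router ----------
interface FastEthernet0/0
 ! assumed interface name and address
 ip address 10.0.0.2 255.255.255.252
!
! The route creamy_stew describes: the pool network points at the
! outside interface of NAT-router
ip route 200.1.1.0 255.255.255.0 10.0.0.1
!
! ---------- Verification on NAT-router (exec mode) ----------
! show ip nat translations   <- inside global column shows which pool address is in use
! show ip nat statistics     <- shows pool OUTSIDE_PUBLIC and how many addresses are allocated
```

No subinterfaces or secondary addresses are needed for the pool members; the router answers for them purely through the NAT table once the ISP routes the pool network to it.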