If I have 3 VLANs and 3 Separate Public IP addresses attached to the same interface, do I need to create subinterfaces with a Public IP address on each?

The goal is to have each of the VLANs use one of the Public IP/Interface for their browsing.
Can this be done easily?


    I don't know if this is the optimal solution but I'm fairly certain it works. All you have to do is set up NAT rules so that each internal network NATs to a different public IP. So you might have the vlans,, and, and you were given the public IPs - 35 / 21 (I made these up, don't use them obviously). You'd set up your ACLs:

    access-list 1 permit ip
    access-list 2 permit ip
    access-list 3 permit ip

    Set up a NAT pool for each outside IP:

    ip nat pool outside1
    ip nat pool outside2
    ip nat pool outside3

    And then set up your address translation:

    ip nat inside source list 1 pool outside1 overload
    ip nat inside source list 2 pool outside2 overload
    ip nat inside source list 3 pool outside3 overload

    Set up your interfaces on the inside network with the ip nat inside command and your external interface with ip nat outside. You shouldn't need subinterfaces to accomplish this, as far as I'm aware.

    If I'm totally wrong about this and it wouldn't work at all I do not mind being corrected by somebody who knows what they're doing.

    Just as a best practice note, you probably don't want to allow all access outbound. You might restrict your access lists to only allow, say, HTTP and HTTPS, in which case you'd want to use extended ACLs.
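An added example, not part of the answer above: the same three-pool NAT layout written out in full, with constructed addresses (RFC 1918 inside, RFC 5737 outside) and assumed interface names and VLAN IDs. It keeps the NAT match lists source-only and enforces the web-only restriction with a separate extended ACL (hypothetical name WEB-ONLY) applied inbound on each inside subinterface, because a NAT list only selects which traffic is translated and does not stop anything from being forwarded.

```cisco
! Constructed addressing: RFC 1918 inside, RFC 5737 (203.0.113.0/29) outside.
! NAT match lists: source network only, one per VLAN.
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 192.168.20.0 0.0.0.255
access-list 3 permit 192.168.30.0 0.0.0.255
!
! One single-address pool per public IP.
ip nat pool outside1 203.0.113.2 203.0.113.2 prefix-length 29
ip nat pool outside2 203.0.113.3 203.0.113.3 prefix-length 29
ip nat pool outside3 203.0.113.4 203.0.113.4 prefix-length 29
!
ip nat inside source list 1 pool outside1 overload
ip nat inside source list 2 pool outside2 overload
ip nat inside source list 3 pool outside3 overload
!
! Egress policy shared by all inside VLANs: web and DNS only.
! Add permits for DHCP or management if the router provides them.
ip access-list extended WEB-ONLY
 permit tcp any any eq 80
 permit tcp any any eq 443
 permit udp any any eq 53
 permit tcp any any eq 53
 deny   ip any any log
!
! Outside: one physical interface, no subinterfaces (name is assumed).
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.248
 ip nat outside
!
! Inside: one 802.1Q subinterface per VLAN (names and VLAN IDs assumed).
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group WEB-ONLY in
 ip nat inside
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group WEB-ONLY in
 ip nat inside
!
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group WEB-ONLY in
 ip nat inside
```

After generating traffic from each VLAN, `show ip nat translations` should list each inside network against its own public address, and `show access-lists WEB-ONLY` shows hit counts on the deny line for anything the policy blocked.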
