12-05-2018 01:39 AM
Hello,
Can we NA multiple LANs on the same router going out the same interface and having the same IP addresses?
For example:
For the case in the design below, how can we do it without using VRFs?
Thanks,
12-05-2018 04:10 AM
In short yes it is possible, what kind of device is this ?, make sure you have good head room to process so many NAT rules.
12-05-2018 05:04 AM
Hello,
Basically this should work on ISR 4300 or ISR 800,
can you elaborate more on how can this be done?
Thanks,
12-06-2018 12:54 AM
Another note, if you do not have requirement of /8 /16 then you need to be use specific to subnet rather a super net.
suggestion is to look forward to have specific subnet to add in ACL and do NAT.
if you looking to NAT /8 /16 /24 the device not good enough in terms of resources.
12-05-2018 07:15 PM
Hello Yacine,
I hope you are doing great,
Yes you can do this "IF the subnets do not overlap to each other, per say host 10.0.0.15 on sw1 and on sw4 10.0.0.15" this could cause a ARP issue in the router, and the only way to make it work is with VRFs and then NAT.
Now if the subnets in the diagram are just the internal VLANs in your network then there is not problem, you can do this on any router from ISR 4300- ISR G2 which are EoL, the 800 series and so on.
If you want to NAT all those subnets to one IP address this is called PAT(Port Address translation), you will need to create an ACL to classify those internal subnets and the use the interface that has the IP address that you want them to be NATTed.
1. Create standard ACL with the internal subnets:
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 permit 192.168.0.0 0.0.0.255
2. create the NAT command:
ip nat inside source list 1 interface fastethernet 0/1 overload
3. Place the "ip nat inside" in the interface where the private subnets are ingressing to the router for this deployment I would guess you would have many sub-interfaces "router on a Stick":
For example:
interface fastethernet 0/0.10
encapsulation dot1q 10
ip address 10.0.0.1 255.0.0.0
ip nat inside
Then you do the same for the other subnets.
4. Place the "ip nat outside" in the egress interface:
interface fastethernet 0/1
ip nat outside
Now if you want to do it per subnet you will need to use ip nat pools, but follows the same logic, let me know if this helped and if you have any other doubt,
Please proceed to rate all helpful posts and mark as correct if this answered your query!
David Castro,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide