Acheter ou Renouveler
Acheter ou Renouveler
annuler
Activer les suggestions
La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Affichage des résultats de 
Rechercher plutôt 
Vouliez-vous dire : 
cancel
Nouveau sujet
1080
Visites
0
Compliment
4
Réponses

Issue when configuring nat Cisco8300 IOS XE Software, Version 17.06.05

network user
Level 1
Level 1

‎20-10-2023 03:03 AM - modifié ‎20-10-2023 05:36 AM

Hi,

The context is the following : we need to replace an old router version (Cisco 1841) by a new one : Cisco 8300 IOS XE.

The infrastructure and configuration is as followed :

networkuser_1-1697796019456.png

 

I have a single interface linked with my ISP in vlan 2. In this interface, there is 5 different IPs address because of VPN connexion using these addresses (for e.g 1.1.1.2) .

The problem seems to be coming from ip address secondary which seems to not be recognize or supported by my router cisco 8300 IOS XE.
It was working fine on my old router cisco 1841.

What can I do / change on my configuration to have one interface going through my ISP, with 5 different IP address in the same vlan (vlan 2)

I have tried to do sub interface but I have to do encapsulation dot1q or ise or whatever. As my addresses are in the same Vlan (vlan 2), I cannot tag all of them in vlan 2.

Any recommendation would be apprecied

I'm french so do not hesitate to reply in french

Étiquettes :
0 Compliments
4 RÉPONSES 4

balaji.bandi
Hall of Fame
Hall of Fame

le ‎20-10-2023 04:43 AM

first why do you need seconday interface ?

If this is only NATtting, my view you do not need secondary interface and you can still NAT.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Compliments

network user
Level 1
Level 1
En réponse à balaji.bandi

‎20-10-2023 05:26 AM - modifié ‎20-10-2023 05:37 AM

Hi balaji
Because in my private network, people from specific vlan will have a single public IP address (NAT) that is used for isakmp. These public IP address can be used to reach internal website of their company
That is why I need to separate each public IP address. Company x isn't allowed to access to website of company y.


 

0 Compliments

balaji.bandi
Hall of Fame
Hall of Fame
En réponse à network user

le ‎20-10-2023 05:54 AM

can you post show run from your old device (remove all confidential information)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Compliments

network user
Level 1
Level 1
En réponse à balaji.bandi

‎08-11-2023 02:29 PM - modifié ‎08-11-2023 02:42 PM

Hi balaji

Actually I can’t do it. 
but the need is the following :

- 1 outside nat interface through the ISP

- 5 sub interface (nat inside interface) for users in 5 different Vlans

- All users in a specific vlan will be mapped to a single IP address. e.g : users from vlan 10 in my LAN will have 68.1.1.1 as public address and users from vlan 20 will have 69.1.1.1 (so I need PAT)

- every interfaces (inside and outside) are in the same vrf

- I have a static route going through my ISP

how can I perform this ?

 

note : I saw this topic :

https://community.cisco.com/t5/routing/ios-ex-static-nat-on-secondary-ip-address/td-p/2727718
Thanks to this I don’t think that I need to apply secondary IP addresses on my interface going through my ISP even if I am doing dynamic NAT (PAT), right?

 

0 Compliments

Liens rapides

Parcourez les liens directs de la Communauté et profitez de contenus personnalisés en français

Partager un document Rédiger un blog Vidéos R&S
Customers Also Viewed These Support Documents