Francesco Molino
VIP Alumni

Hi everyone,

There are a lot of discussions on how to set up a WAN router so that internal hosts can access the internet. Sometimes there are also questions on how to use the other public IPs assigned by the ISP, plus some very basic QoS.

I've decided to write a quick document with sample configurations:

Here is a quick drawing to explain all the configurations.

design2.jpeg

Let's assume some points:

A.  1 is our WAN subnet. Let's say we get subnet 21.20.20.0/29 from our ISP.

That means we have IPs from 21.20.20.1 to 21.20.20.6. Our ISP's IP is 21.20.20.1 and our WAN router interface is 21.20.20.2. The other IPs are free to be used for whatever we want.

Usually, our ISP routes the remaining IPs (from 21.20.20.3 to 21.20.20.6) to our WAN router interface 21.20.20.2.

IP 21.20.20.3 is a static NAT for our internal server, which has IP 192.168.1.10. This static NAT forwards all ports (TCP and UDP) to our internal server. That means if someone tries to access the IP 21.20.20.3 using SMTP, the SMTP traffic will be forwarded to our internal server 192.168.1.10. We could restrict the NAT to specific ports, but this example is only meant to show how to use a public IP assigned by our ISP that isn't configured on any of the router's interfaces.

B.  2 is our LAN subnet. Let's say we have 192.168.1.0/24 as the internal subnet.

C.  We have 3 types of traffic (our WAN bandwidth is 20Mbps):

 - All voice traffic is prioritized with a bandwidth of 5Mbps

 - Traffic incoming to IP 21.20.20.3 has a reserved bandwidth of 5Mbps

 - All other traffic is treated as default (no prioritization or bandwidth reservation)

D.  Our WAN interface is Gi0/0 and our LAN interface is Gi0/1.

Now let's show the config:

A. WAN config interface and default route

interface Gi0/0

 description ### WAN interface ###

 ip address 21.20.20.2 255.255.255.248

 bandwidth 20000

!

ip route 0.0.0.0 0.0.0.0 21.20.20.1

B. LAN interface configuration

interface Gi0/1

 description ### LAN interface ###

 ip address 192.168.1.1 255.255.255.0

C. NAT Configuration (dynamic NAT to allow all internal hosts to access internet)

ip access-list extended NAT

 permit ip 192.168.1.0 0.0.0.255 any

!

ip nat inside source list NAT interface Gi0/0 overload

!

interface Gi0/1

 ip nat inside

!

interface Gi0/0

 ip nat outside

D. NAT configuration (static NAT) for our email server

ip nat inside source static 192.168.1.10 21.20.20.3
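
The port-restricted variant mentioned in the assumptions, shown next to the one-to-one static NAT above. This is an added example, not part of the original document, and it assumes the internal server only needs to receive SMTP (TCP 25) from the internet.

```cisco
! Added example, not part of the original document.
! Assumption: the internal server only needs inbound SMTP (TCP 25).
!
! Before (as configured above): every TCP and UDP port on 192.168.1.10
! is reachable from the internet through 21.20.20.3.
!   ip nat inside source static 192.168.1.10 21.20.20.3
!
! After: remove the one-to-one entry and publish only TCP 25.
! If IOS refuses the removal because the entry is in use, run
! "clear ip nat translation *" from exec mode first.
no ip nat inside source static 192.168.1.10 21.20.20.3
ip nat inside source static tcp 192.168.1.10 25 21.20.20.3 25
!
! Verify from exec mode that the static entry now carries port numbers:
!   show ip nat translations
```

With the port-restricted form, connections that 192.168.1.10 initiates itself no longer leave as 21.20.20.3; they match the NAT access list and are translated to the Gi0/0 address 21.20.20.2 by the overload rule.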

E. QoS configuration

==> Classify voice RTP traffic

access-list 100 permit udp any any range 16384 32767

class-map voip 

  match access-group 100

==> Classify traffic incoming to our email server

access-list 110 permit ip any host 21.20.20.3

class-map email

  match access-group 110

==> Configuration of outbound policy-map (from internal to internet)

policy-map PMAP-OUT

  class voip

     priority 5000

  class class-default

==> Configuration of inbound policy-map (from internet to internal)

policy-map PMAP-IN

  class email

     bandwidth 5000

  class class-default

==> Apply policy-map to our WAN interface

interface Gi0/0

 service-policy output PMAP-OUT

 service-policy input PMAP-IN

For sure :-) , if you have never done any QoS configuration, you'll ask about the difference between bandwidth and priority. Here is a Cisco document that explains all of this: http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-pac...

Thanks so much for reading.

PS: Please don't forget to rate if this answered your question
