11-18-2003 07:55 AM - edited 03-02-2019 11:48 AM
this is on a 3725 router, assume that the 10. addresses are public and the 192 addresses are private.
int fa0/0 - internet side
ip address 10.1.1.2 255.255.255.252
int fa0/1 - lan side
ip address 10.1.2.1 255.255.255.224
int fa1/0
shut
int fa1/1
shut
I have public addresses on the inside that get routed out of course. I also have 2 192. addresses that I would like to static nat to 2 of the 10.1.2 addresses. Is this possible since the public address that I want to nat to is on the inside interface? If not is there another way to make this work without modifying or adding another ip to fa0/0 wan interface?
11-19-2003 05:57 AM
Not sure, But you can try like this.
Add seconday IP (192) to the inside interface (Fa0/1)
Do a static NAT for 192. servers.
Keep public IP's as it is.
Other way round -------
simply assign private IP (192.) to all servers inside LAN.
Change Fa0/1 IP to private IP.
And do static NAT for all servers.
11-19-2003 10:11 AM
I don't quite understand your response, however if this clarifies a little more here goes. I have public and private addresses inside and I want to nat private inside addresses without using the 10.1.1.2 address on the outside interface. I am getting the feeling that this is not possible. I want to NAT to one of the public addresses that is on the inside interface.
11-19-2003 11:22 AM
Well,I am assuming here too LAN pools.
First 192.168.0.x/24---Private address space
Second 10.1.2.x/24---Public address space
Router WAN 10.1.1.1/24 (NAT outside I/F)
Router LAN primary ip is 10.1.2.1/24,(NAT inside I/F)
secondary address 192.168.0.1/24
Pc1 ip address 192.168.0.2/24
Pc2 ip address 10.1.2.2/24
Now routing is conerned both PC's can talk to my router.
If you are using dynamic NATing in the same router first deny,(Use access-list)any source from Public address space.
Pc2 will be able to communicate to internet without any NAT translation taking place.
For PC1 NAT translation can be configured as to get eighther overload from Fa0/0(outside I/F)
or
Use static NAT to Public LAN address space (10.1.2.3 or 10.1.2.4) ...etc.(which ever is free address)
11-20-2003 07:28 AM
Thanks, I will give this a try.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide