NAT Overload to Single IP pool

Hi there,

 I have a requirement to NAT a list of source IP addresses to a single IP address. The NAT IP address already overlaps with the interface IP address subnet, hence I can't overload the NAT to a /32 loopback IP address. I plan to use a single IP address pool.

 

I use the below syntax, 

 

!
ip nat inside source list 100 pool TEST overload
!
R1(config)#ip nat pool TEST 10.10.13.101 10.10.13.101 netmask 255.255.255.255
%Pool TEST mask 255.255.255.255 too small; should be at least 255.255.255.252

But when I try this as below, it is working.

 

ip nat pool TEST 10.10.13.101 10.10.13.101 netmask 255.255.255.252

I wish to know whether it is a correct approach to fulfill my requirement.

 

Thanks in Advance

Accepted Solutions

Hello Luis, Prasanay,

Please allow me to join.

Luis, what Prasanay is saying is that he needs to perform PAT to a specific IP address that is not configured on any of his interfaces, and because of existing constraints, he cannot assign that address to his outgoing interface. Therefore, the approach using ip nat inside source list <acl> interface <interface> overload sadly cannot be used.

Prasanay, your initial approach is correct despite the 255.255.255.252 mask. The netmask in the ip nat pool command is only used to avoid allocating IP addresses from the pool that would - with the given mask - correspond to either an IP network (subnet) address, or a subnet broadcast address. This allowed you to put an entire subnet range into the pool, and yet avoid allocating the subnet address or the broadcast address for NAT purposes - the router would automatically skip them. Beyond that, the netmask in the NAT pool configuration has no other use.

Best regards,
Peter
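
The skip rule described in the answer above, modelled as an added Python example (not from the thread and not Cisco code). The function name and the simplified behaviour are assumptions based only on the answer's description and the error message quoted in the question; it generalizes from the single-address pool to any range.

```python
import ipaddress

# Longest mask the router accepted, taken from the error message quoted in the question.
MIN_POOL_MASK = "255.255.255.252"


def usable_pool_addresses(start, end, netmask):
    """Return the pool addresses left for translation after skipping any
    address that is a subnet or broadcast address under `netmask`.

    Simplified model of the behaviour described in the thread (assumption).
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("pool start is above pool end")

    # Parsing the mask also rejects non-contiguous masks (raises ValueError).
    prefixlen = ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen
    if prefixlen > 30:
        # Mirrors the "%Pool ... mask too small" rejection seen with /32.
        raise ValueError(
            f"mask {netmask} too small; should be at least {MIN_POOL_MASK}"
        )

    usable = []
    for value in range(int(first), int(last) + 1):
        addr = ipaddress.IPv4Address(value)
        # Subnet that this address falls into under the pool mask.
        subnet = ipaddress.IPv4Network((addr, prefixlen), strict=False)
        if addr in (subnet.network_address, subnet.broadcast_address):
            continue  # skipped: would be a subnet or broadcast address
        usable.append(str(addr))
    return usable


if __name__ == "__main__":
    # The pool from the question: 10.10.13.101 is a host address in 10.10.13.100/30.
    print(usable_pool_addresses("10.10.13.101", "10.10.13.101", "255.255.255.252"))
    # A whole /30 in the pool: .100 (subnet) and .103 (broadcast) are skipped.
    print(usable_pool_addresses("10.10.13.100", "10.10.13.103", "255.255.255.252"))
    # Constructed edge case: a single address that is the broadcast under /30.
    print(usable_pool_addresses("10.10.13.103", "10.10.13.103", "255.255.255.252"))
```

Under this model, a single-address pool only works if the chosen mask does not make that address a subnet or broadcast address, which is why 10.10.13.101 with 255.255.255.252 is fine.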

luis_cordova
VIP Alumni

Hi prasany@sg.ibm.com,

 

If you have only one public ip, there is no need to configure a pool.
You can try to overload the interface where this only public ip is configured.

 

R1(config)#ip nat inside source list 100 interface <int with the public ip> overload

 

Regards

Hi luis_cordova,

  Actually the requirement is to NAT to the specific IP (10.10.13.101), retaining the existing interface ip address. Hence I cannot change the interface ip address at the router.

 

 

 

 

Hi prasany@sg.ibm.com,

 

In the NAT that I proposed, it is not necessary to change the existing public ip.
By overloading the public interface, the current ip of that interface is overloaded.

 

Regards
