1:1 nat or Static NAT alongside Nat Overload on 1921 router

bittrekker
Level 1

Sorry if this is too simple of a question. Perhaps it's terminology, but I'm unsure whether I have found the correct information.

I have a block of IP addresses from my ISP. My router is currently using one of them.

Just as an example, let's say that the router is 172.160.5.21 and the modem is 172.160.5.20.

On the LAN, I have a device with a static private IP address. I would like it to reach out to the internet via a publicly routable IP address separate from the IP address that the router is using for PAT (Nat overload) with the rest of the network.

I can do this with an ASA. For example:

static (inside,outside) 172.160.5.22 192.168.10.22 netmask 255.255.255.255 dns

Would translate all traffic to or from 192.168.10.22 as 172.160.5.22 to the internet.


For a 1921 router, would the following command:

ip nat inside source static 192.168.10.22 172.160.5.22

create the same configuration? And can it safely be used alongside a fail-over style NAT overload setup?

eg:

route-map isp2 permit 10
match ip address 100
match interface GigabitEthernet0/0/0
!
route-map isp1 permit 10
match ip address 100
match interface GigabitEthernet0/1
ip nat inside source route-map isp1 interface GigabitEthernet0/1 overload
ip nat inside source route-map isp2 interface GigabitEthernet0/0/0 overload

Accepted Solution

Jon Marshall
Hall of Fame

The "ip nat inside ..." line is correct ie. it is doing the same as the ASA line.

However it's not clear exactly what you mean when you say you want it to use the same public IP as the one you are using for overloading because your example doesn't suggest that.

If you want to use an IP from the same range as the overloaded IP then yes just use your line.

If you want to use the same IP for both then no you can't do that, you would need to use static PAT ie. specify the ports as well.

In terms of failover it depends on whether the IP you are using is from one of the ISPs or not.

If it is then it would need to be advertised via the other ISP as well and they may not want to do that.

If the public address range is provider independent then yes you should be able to use it on both links again assuming it is being advertised to both ISPs.

Jon

3 Replies

Thanks. 

Sorry for the incorrectly worded statement. I do not want it to use the same public IP, but rather a different public IP within the same public subnet.

In terms of failover it depends on whether the IP you are using is from one of the ISPs or not.

The IP for the static NAT is from the main IP block, not the backup route, so within the same subnet as GigabitEthernet0/1.

Thanks for your confirmation, I feel much more confident adding this!

It worked like a charm.
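
The two rules from the accepted answer, as an added example that is not part of the original thread or any Cisco tool: a small Python check that reads IOS NAT lines and flags a one-to-one static that reuses the overload interface's address (which needs static PAT, i.e. ports) and a static address outside the overload interface's subnet (the failover case). The /29 mask, the .23 and .24 hosts, port 443 and the verdict strings are assumptions.

```python
import ipaddress
import re

# Constructed sample using the thread's example addresses; the /29 mask and
# the .23/.24 hosts are assumptions added for illustration.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 172.160.5.21 255.255.255.248
 ip nat outside
!
ip nat inside source route-map isp1 interface GigabitEthernet0/1 overload
ip nat inside source static 192.168.10.22 172.160.5.22
ip nat inside source static 192.168.10.23 172.160.5.21
ip nat inside source static tcp 192.168.10.24 443 172.160.5.21 443
"""

IFACE = re.compile(r"^interface (\S+)")
ADDR = re.compile(r"^\s+ip address ([\d.]+) ([\d.]+)")
OVERLOAD = re.compile(r"^ip nat inside source .* interface (\S+) overload")
# Static entries with literal addresses; group 1 is set only for static PAT.
STATIC = re.compile(
    r"^ip nat inside source static (?:(tcp|udp) )?[\d.]+ (?:\d+ )?([\d.]+)")


def audit_nat(config):
    """Return a (global_ip, verdict) pair for each static NAT line."""
    addrs, overload, statics, current = {}, set(), [], None
    for line in config.splitlines():
        if m := IFACE.match(line):
            current = m.group(1)
        elif (m := ADDR.match(line)) and current:
            addrs[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := OVERLOAD.match(line):
            overload.add(m.group(1))
        elif m := STATIC.match(line):
            statics.append((m.group(1), ipaddress.ip_address(m.group(2))))
    pat = [addrs[name] for name in overload if name in addrs]
    results = []
    for proto, global_ip in statics:
        if any(global_ip == p.ip for p in pat):
            # Shares the overload address: valid only with ports (static PAT).
            verdict = "ok-static-pat" if proto else "conflict-needs-ports"
        elif any(global_ip in p.network for p in pat):
            verdict = "ok-same-block"  # separate IP from the same range
        else:
            verdict = "outside-overload-block"  # check routing via that ISP
        results.append((str(global_ip), verdict))
    return results
```

Only static entries written with literal addresses are checked; forms that name an interface instead of a global address are skipped.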