2 internal networks with Pat

brb719648
Level 1

Hi All,

I have a problem that I have thought about many times before but never really found the solution that I thought was correct. In my current problem I have a single router. This router has a public IP space with a /27 address. The router has an IP on its external interface (expected) and the internal network clients access the outside network using PAT. With this configuration the IP seen by devices on the internet is the public IP configured on the interface of my router, which is also expected and all works fine. Now my company has acquired a new company. We would like to use our existing equipment and IP space but have the NATed outside IP address be different than the IP currently configured on the interface. When I attempt to configure a sub interface I get an IP overlap error, which I expected. The only solution I have found so far is to configure both NATs to use a pool of 1 IP for my NAT to the outside. Is there a better way?

 

Thanks

 


Hello,

 

If both IP addresses are from the same address space/subnet, I would say a pool is the best and probably the only way. Are you running into some specific problem?

Hello Gerog,
Yes. The NAT'd outside IPs will be on the same address space. I set this up in a lab but thought that the current method with Pools was a bit of a hack so just wanted to be sure I wasn't missing anything.

Hello,

 

I think using pools is the correct way of doing it. As you already noted, you cannot configure another (sub) interface or even a secondary address with an address from the same address space...

Hello,
Excellent. Thanks for helping out. Going to jump into the pools.

Thanks
Ben

Hello


@brb719648 wrote:
Hello Gerog,
Yes. The NAT'd outside IPs will be on the same address space.

So you don't need to assign any other public addressing, be it secondary or sub interface; just split the address range with NAT pools and multiple access-lists.

 

example1

Lan subnet 10.1.34.0/24
access-list 100 permit ip 10.1.34.0 0.0.0.127 any
access-list 101 permit ip 10.1.34.128 0.0.0.127 any

ip nat pool isp1 10.1.12.2 10.1.12.2 prefix-length 29
ip nat pool isp2 10.1.12.4 10.1.12.4 prefix-length 29

ip nat inside source list 100 pool isp1
ip nat inside source list 101 pool isp2

Now if you wish to NAT on an additional, different public IP address in line with your existing public IP address, correct, then this is also applicable. As long as the secondary public IP address is reachable via the same ISP, all you need to do is apply the additional public IP address to the internet-facing WAN interface as a secondary IP address and again split your NAT access-list with differing NAT pools to load balance from your LAN towards the two inside global public addresses.

 

example2

Lan subnet 10.1.34.0/24

interface x/x
description WAN
ip nat outside
ip address 10.1.122.2 255.255.255.252 secondary
ip address 10.1.12.2 255.255.255.252

access-list 100 permit ip 10.1.34.0 0.0.0.127 any
access-list 101 permit ip 10.1.34.128 0.0.0.127 any

ip nat pool isp1 10.1.12.2 10.1.12.2 prefix-length 30
ip nat pool isp2 10.1.122.2 10.1.122.2 prefix-length 30

ip nat inside source list 100 pool isp1
ip nat inside source list 101 pool isp2


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
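
The pool-per-network approach discussed in this thread, written out for the original poster's case of two internal networks doing PAT behind different addresses of the same public subnet. This is an added example, not a configuration posted by any participant; the interface names, the 203.0.113.0/27 documentation range and the 10.1.34.0/24 and 10.2.34.0/24 inside networks are assumed placeholders.

```cisco
! Added example. All addresses and interface names are placeholders.
! The outside interface keeps its single primary address from the public /27.
interface GigabitEthernet0/0
 description WAN
 ip address 203.0.113.2 255.255.255.224
 ip nat outside
!
! One inside interface per company (assumed layout).
interface GigabitEthernet0/1
 description Existing company LAN
 ip address 10.1.34.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2
 description Acquired company LAN
 ip address 10.2.34.1 255.255.255.0
 ip nat inside
!
! One ACL per inside network selects which translation rule applies.
access-list 10 permit 10.1.34.0 0.0.0.255
access-list 20 permit 10.2.34.0 0.0.0.255
!
! One-address pools, both taken from the same /27 as the WAN interface,
! so no secondary address or sub interface is needed.
ip nat pool COMPANY-A 203.0.113.3 203.0.113.3 prefix-length 27
ip nat pool COMPANY-B 203.0.113.4 203.0.113.4 prefix-length 27
!
! "overload" makes each rule PAT, so many hosts share the one pool address.
ip nat inside source list 10 pool COMPANY-A overload
ip nat inside source list 20 pool COMPANY-B overload
```

With this in place, `show ip nat translations` lists each inside network under its own inside global address, which keeps the two companies' traffic distinguishable in upstream logs and allow lists.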