01-17-2020 01:00 PM
Hi All,
I have a problem that I have thought about many times before but never really found the solution that I thought was correct. In my current problem I have a single router. This router has a public IP space with a /27 address. The router has an IP on its external interface (expected) and the internal network clients access the outside network using PAT. With this configuration the IP seen by devices on the internet is the public IP configured on the interface of my router, which is also expected and all works fine. Now my company has acquired a new company. We would like to use our existing equipment and IP space but have the NATed outside IP address be different than the IP currently configured on the interface. When I attempt to configure a sub interface I get an IP overlap error, which I expected. The only solution I have found so far is to configure both NATs to use a pool of 1 IP for my NAT to the outside. Is there a better way?
Thanks
01-17-2020 02:02 PM
01-17-2020 01:47 PM
Hello,
If both IP addresses are from the same address space/subnet, I would say a pool is the best and probably the only way. Are you running into some specific problem?
01-17-2020 02:02 PM
01-17-2020 02:16 PM
Hello,
I think using pools is the correct way of doing it. As you already noted, you cannot configure another (sub) interface or even a secondary address with an address from the same address space...
01-17-2020 02:18 PM
01-17-2020 04:50 PM - edited 01-17-2020 04:53 PM
Hello
@brb719648 wrote:
Hello Gerog,
Yes. The NAT'd outside IPs will be on the same address space.
So you don't need to assign any other public addressing, be it secondary or sub interface, just split the address range with NAT pools and multiple access-lists.
example1
Lan subnet 10.1.34.0/24
access-list 100 permit ip 10.1.34.0 0.0.0.127 any
access-list 101 permit ip 10.1.34.128 0.0.0.127 any
ip nat pool isp1 10.1.12.2 10.1.12.2 prefix-length 29
ip nat pool isp2 10.1.12.4 10.1.12.4 prefix-length 29
! overload enables PAT so many inside hosts can share the single pool address
ip nat inside source list 100 pool isp1 overload
ip nat inside source list 101 pool isp2 overload
Now if you wish to NAT on an additional, different public IP address in line with your existing public IP address, correct, then this is also applicable. As long as the secondary public IP address is reachable via the same ISP, all you need to do is apply the additional public IP address to the internet-facing WAN interface as a secondary IP address and again split your NAT access-list with differing NAT pools to load balance from your LAN towards the two inside global public addresses.
example2
Lan subnet 10.1.34.0/24
interface x/x
description WAN
ip nat outside
ip address 10.1.122.2 255.255.255.252 secondary
ip address 10.1.12.2 255.255.255.252
access-list 100 permit ip 10.1.34.0 0.0.0.127 any
access-list 101 permit ip 10.1.34.128 0.0.0.127 any
ip nat pool isp1 10.1.12.2 10.1.12.2 prefix-length 30
ip nat pool isp2 10.1.122.2 10.1.122.2 prefix-length 30
! overload enables PAT so many inside hosts can share the single pool address
ip nat inside source list 100 pool isp1 overload
ip nat inside source list 101 pool isp2 overload
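The following check is an added example, not part of the original thread: it parses the example1 lines and reports which outside address each inside host is translated to, which is what you need when attributing firewall or proxy log entries to one of the two companies. The function names are hypothetical, and the `overload` keyword on the NAT rules is an assumption (PAT on a one-address pool).

```python
import ipaddress
import re

# Constructed input: the example1 lines from the thread, with "overload"
# appended to the NAT rules (an assumption, needed for PAT on a 1-address pool).
CONFIG = """\
access-list 100 permit ip 10.1.34.0 0.0.0.127 any
access-list 101 permit ip 10.1.34.128 0.0.0.127 any
ip nat pool isp1 10.1.12.2 10.1.12.2 prefix-length 29
ip nat pool isp2 10.1.12.4 10.1.12.4 prefix-length 29
ip nat inside source list 100 pool isp1 overload
ip nat inside source list 101 pool isp2 overload
"""

def parse(config):
    """Return (acls, pools, rules) parsed from IOS-style NAT lines."""
    acls, pools, rules = {}, {}, []
    for line in config.splitlines():
        if m := re.match(r"access-list (\d+) permit ip (\S+) (\S+) any", line):
            acls.setdefault(m[1], []).append(
                (int(ipaddress.ip_address(m[2])), int(ipaddress.ip_address(m[3]))))
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"ip nat inside source list (\d+) pool (\S+)( overload)?", line):
            rules.append((m[1], m[2], bool(m[3])))
    return acls, pools, rules

def acl_permits(entries, host):
    """Wildcard match: bits set in the wildcard mask are 'don't care'."""
    h = int(ipaddress.ip_address(host))
    return any((h & ~wild) == (base & ~wild) for base, wild in entries)

def outside_address(config, host):
    """Return (pool, pool start address, overload) for an inside host, or None."""
    acls, pools, rules = parse(config)
    for acl, pool, overload in rules:
        if acl_permits(acls.get(acl, []), host):
            return pool, str(pools[pool][0]), overload
    return None

def findings(config, lan):
    """Flag inside hosts with no NAT rule and one-address pools lacking PAT."""
    _, pools, rules = parse(config)
    out = [f"{h} matches no NAT rule" for h in ipaddress.ip_network(lan).hosts()
           if outside_address(config, str(h)) is None]
    for _acl, pool, overload in rules:
        if pools[pool][0] == pools[pool][1] and not overload:
            out.append(f"pool {pool}: one address without overload")
    return out
```

Running `findings()` after every ACL change catches hosts that silently fall outside both wildcard ranges and would therefore leave the router untranslated or not at all.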