
Cisco 1841 question

Youngpatriot
Level 1

I'm maintaining a config done by someone else for a little network I have here at home. I run a single web server on a static IP, but have 4 IP addresses assigned to be available by my ISP. It was originally thought that I might run a second server, but that's not happening. At any rate, from time to time, my web server ends up with the second IP I have assigned instead of the first. Not sure why, but that's my life. In looking at the config on my 1841, I see the following line:

ip nat pool NAT 24.261.149.49 24.261.149.50 netmask 255.255.255.224   (not the actual IP values)

I assume that this makes my first two static IP addresses available for use. Can I simply remove the second IP address from the command, and thereby eliminate the possibility of my server ending up as .50? Or should there be no pool at all, and I use another command instead? I'm learning, but it isn't fast for me for a lot of reasons.

Thanks in advance.


Youngpatriot
Level 1

BTW, the next line is:

ip nat inside source list 1 pool NAT overload

Boyan Sotirov
Level 1

What you describe is an expected behavior. You're having a NAT pool with two available public IP addresses, so after the sessions assigned on the first address are depleted, the system starts using the second one.

What you need is a PAT (port address translation) configuration, so that your server could be reachable from the public Internet.

What is important with NAT is that the NAT translation is initiated from the interfaces defined as "inside" in your configuration.

So if you have two more "spare" public IP addresses you could statically translate the connections to your server and with the added benefit that once a request to the server comes from the public Internet, the router will "forward" it to the internal host (the internal IP address of your server).

Here is an example of PAT configuration:

ip nat inside source static <protocol> <inside-ip-address> <inside-port> <public-ip-address> <public-port>

Hope this helps...

Boyan

Paul Morgan
Level 1

In short, yes, you can change the second IP to .49 and only NAT using the one address. But it would be better to use a static translation with your PAT overload using the interface connected to your ISP. Either way is fine really.

So, to ensure you maintain the commands, delete the IP NAT POOL line and change your other line to

ip nat inside source list 1 interface {outside interface} overload

e.g. ip nat inside source list 1 interface fastethernet 0/1 overload
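
The two suggestions in the replies above, combined into one IOS configuration as an added example that is not part of the original posts. The interface roles, the inside server address 192.168.1.10, the documentation address 203.0.113.49 standing in for the first public IP, and TCP port 80 are all assumptions; the pool name NAT and access list 1 come from the thread.

```cisco
! --- Constructed values (assumptions, replace with your own) ---
!   FastEthernet0/0  = LAN side            FastEthernet0/1 = ISP side
!   192.168.1.10     = web server (inside) 203.0.113.49    = first public IP
!
! Exec mode: dynamic entries must be cleared first, otherwise IOS
! refuses to delete a pool that still has translations in use.
clear ip nat translation *
!
configure terminal
!
! Mark which side of the router is "inside" and which is "outside".
interface FastEthernet0/0
 ip nat inside
interface FastEthernet0/1
 ip nat outside
!
! Before: two-address pool, so overloaded sessions can spill to the second IP.
!   ip nat pool NAT <first-ip> <second-ip> netmask 255.255.255.224
!   ip nat inside source list 1 pool NAT overload
no ip nat inside source list 1 pool NAT overload
no ip nat pool NAT
!
! After: all outbound traffic matched by access list 1 is overloaded onto
! the single address of the ISP-facing interface.
ip nat inside source list 1 interface FastEthernet0/1 overload
!
! Static port translation: only TCP/80 on the public address is forwarded
! to the web server; no other inside port becomes reachable from outside.
ip nat inside source static tcp 192.168.1.10 80 203.0.113.49 80
!
end
!
! Verify: the static entry should be listed with no second public address
! appearing in the dynamic entries.
show ip nat translations
show ip nat statistics
```

Forwarding a single port rather than translating the whole host one-to-one keeps the server's other listening services off the public address.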
