07-11-2008 10:31 AM - edited 03-03-2019 10:41 PM
I have a scenario where my ISP is providng only private IP(192.168.x.x) with a gateway(192.168.x.x) and a dns server(public). I have an internal LAN with IP's in the range 172.16.x.x. Is it possible to configure my ISP's IP address on fa0/0 and my internal IP address on fa0/1 ? Will the clients in the internal netwrok be able to access internet ?
Solved! Go to Solution.
07-11-2008 12:55 PM
Abraham
This is certainly possible on the 2811 to translate addresses even when both addresses are in the private address range. In fact for translation it really does not matter whether the address ranges are private or public. Your config might look something like this:
interface fast0/0
ip nat outside
interface fast0/1
ip nat inside
access-list 50 permit 172.16.1.0 0.0.0.255
ip nat inside source list 50 interface fast0/0 overload
HTH
Rick
07-11-2008 10:41 AM
Abraham
There is an issue that usually comes up when you connect a router to an ISP. The issue is that the ISP must have a route to the address space inside your network. This is true whether the ISP is assigning you a public address for the interface connecting to them (the usual case) or is assigning a private address for that interface (this is your case). The common way to solve that issue is to translate your inside addresses into the address space assigned to you by the ISP. So if you translate your 172.16.x.x addresses into the 192.168.x.x addresses then your users should be able to access the Internet.
It may also be possible to negotiate with the ISP and have them route your 172.16.x.x addresses to you. In that case your users would be able to access the Internet without address translation (actually the ISP will be translating addresses for Internet access).
If you do not do one of these alternatives then I do not see how your users would be able to access the Internet.
HTH
Rick
07-11-2008 12:04 PM
Rick,
I like to go with the first solution you proposed in which case my internal LAN 172.16.x.x address will be translated to 192.168.x.x. But is this possible with Cisco 2811 routers since both address are in the private IP range ? If yes how should the routing table look like ?
The actual scenario's is as below
External IP on fe0/0
IP : 192.168.128.101
Subnet : 255.255.255.0
Gateway : 192.168.128.100
DNS: 85.x.x.x
Internal IP on fe0/1
IP: 172.16.1.1
Subnet : 255.255.255.0
I have done this using ISA server with two interface cards and it works fine but I am not sure with the CISCO 2800 series routers.
07-11-2008 12:55 PM
Abraham
This is certainly possible on the 2811 to translate addresses even when both addresses are in the private address range. In fact for translation it really does not matter whether the address ranges are private or public. Your config might look something like this:
interface fast0/0
ip nat outside
interface fast0/1
ip nat inside
access-list 50 permit 172.16.1.0 0.0.0.255
ip nat inside source list 50 interface fast0/0 overload
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide