05-14-2010 12:08 PM - edited 03-04-2019 08:29 AM
I have been tasked with setting up a 2900 series router to support a new Metro Ethernet connection to the Internet for a customer. Here is the scenario necessary for the configuration:
1) The connection to the Internet is on a slash 30 network (for example purposes, let's say the number is 205.163.15.92/30). I will be configuring the .94 address on the Ethernet interface which faces the Internet, and the Gateway address will be .93. This will be on the G0/0 interface.
2) The network that I have to use on what we can call the "Inside" is 192.168.15.0/24. I will be using a DHCP scope on the router to hand out addresses to clients. This will be on the G0/2 interface.
3) The ISP will be routing a large part of a routable Class C network to us via the /30 network. Let's say that addresses 206.248.224.33-254 will be available. Because these are publicly routable addresses, I need for these routable addresses to somehow be NAT'd against the 192.168.15.0 addresses off of the inside interface, so that users on the inside will be able to have one on one NAT connection between the 15. network and the 206.248.224 network.
Do I need to somehow configure a subinterface? If so, where should I configure it?
Thanks
Kevin
05-14-2010 12:11 PM
Kevin,
If your router is not going to have an IP that belongs to the 206.248.224.33-254 range, then just create the appropriate NAT statements on your router to those IPs and have the ISP route back to your routers those packets.
Federico.
05-14-2010 12:24 PM
Federico
Sounds simple enough. I was just assuming that I would have to have an IP address somewhere on the router in the 206.248.224. range in order for that to work properly...
Kevin
05-14-2010 12:27 PM
Kevin,
In order to NAT internal devices to a range of public IPs, there's no need for your router to have an interface on that range, as long as the ISP routes the packet back to you properly.
Federico.
05-14-2010 12:28 PM
k-melton wrote:
Federico
Sounds simple enough. I was just assuming that I would have to have an IP address somewhere on the router in the 206.248.224. range in order for that to work properly...
Kevin
Kevin
As long as the ISP is routing that subnet to the outside interface of your router, and as long as you have not disabled proxy-arp, then as Federico says you simply just set up your static NAT statements, i.e. you don't have to assign any of the subnet addresses to a physical interface on your router.
Jon
05-14-2010 12:46 PM
Question: why are you even doing one to one NATs for internal IPs? Why not just NAT all internal IPs to one specific external IP? Less administration.
05-17-2010 07:12 AM
Stonnet72
The reason we need to perform one on one NAT is due to the fact that most of the inside clients will be using VPN to get back to their companies' networks. VPNs do not work well with PAT.
If that was not the case, I would certainly use PAT vs. NAT with a single PAT address.
Thanks for your response.
Kevin
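The setup the replies above describe, written out as an IOS configuration sketch. This is an added example, not a configuration posted by anyone in the thread. It uses the example addresses from the question; the inside router address 192.168.15.1, the pool name INSIDE, and the choice to keep the host octet the same on both sides of each translation are assumptions.

```cisco
! Outside: the /30 toward the ISP. No 206.248.224.x address is
! configured on any interface; the ISP routes that block to .94.
interface GigabitEthernet0/0
 description Outside - Metro Ethernet to ISP
 ip address 205.163.15.94 255.255.255.252
 ip nat outside
!
! Inside: client LAN (router address .1 is an assumption)
interface GigabitEthernet0/2
 description Inside - client LAN
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
!
! Only hand out .33-.254 so every lease has a public address
! available in the routed range 206.248.224.33-254.
ip dhcp excluded-address 192.168.15.1 192.168.15.32
!
ip dhcp pool INSIDE
 network 192.168.15.0 255.255.255.0
 default-router 192.168.15.1
!
! Default route to the ISP gateway on the /30
ip route 0.0.0.0 0.0.0.0 205.163.15.93
!
! One-to-one static translations, host octet preserved (assumption).
ip nat inside source static 192.168.15.33 206.248.224.33
ip nat inside source static 192.168.15.34 206.248.224.34
ip nat inside source static 192.168.15.35 206.248.224.35
! Continue with one static line per address through .254.
```

A static translation works in both directions, so each mapped client is reachable from the Internet on its public address unless an inbound access list or firewall policy on G0/0 filters it. `show ip nat translations` lists the entries once the configuration is applied.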