Solved: confused NAT pool statment

Amafsha1 · ‎09-14-2018

Hello, I'm confused about a NAT pool statement in the configs:

ip nat pool mypool 10.2.14.15 10.2.14.15 netmask 255.255.255.248

ip nat inside source list 2 pool mypool overload

What's the point of putting the "netmask" statement when the ip range doesn't move and is just 10.2.14.15 - 10.2.14.15. So it seems that anyone that is NAT'ed against this pool will only get an IP of 10.2.14.15 with different port numbers because of overload.

Georg Pauwen · ‎09-14-2018

Hello,

actually, you have a good point. It used to be that a WAN IP needed to be at least a /30 address, since you would need a corresponding address on the other side. Nowadays a lot of ISPs dish out /32 addresses. You cannot even configure a pool with a /32 netmask, the IOS will throw an error. So for now, the syntax requires the netmask. Not sure if there are plans in the future to 'equip' IOS with a pool host option.

View solution in original post

Georg Pauwen · ‎09-14-2018

Hello,

actually, you have a good point. It used to be that a WAN IP needed to be at least a /30 address, since you would need a corresponding address on the other side. Nowadays a lot of ISPs dish out /32 addresses. You cannot even configure a pool with a /32 netmask, the IOS will throw an error. So for now, the syntax requires the netmask. Not sure if there are plans in the future to 'equip' IOS with a pool host option.

Amafsha1 · ‎09-14-2018

aaah interesting. So it seems this an issue with not being able to configure a /32 so they put in the .248 netmask there. Thank you

Georg Pauwen · ‎09-14-2018

Indeed, the syntax requires a netmask. /30 is the smallest you can configure. I don't know why they configured a /29 netmask, it might be that their IP address actually really belongs to that subnet...

Amafsha1 · ‎09-14-2018

yeah that's a good question. I'm confused about that as well.