10-14-2013 08:01 AM - edited 03-04-2019 09:18 PM
Hi,
i'm trying to figure out the configuration to obtain a dual nat routing.
I have 1 + 8 public ip addresses:
1.1.1.1 255.255.255.255
2.2.2.0 255.255.255.240
Now i would have 2 private ip addresses on the router (192.168.0.1 and 192.168.0.2) so that clients using 192.168.0.1 as default router are natted via 1.1.1.1 while clients using 192.168.0.2 as default routerare natted via 2.2.2.2
Is this config possible and how ?
Thanks in advance
Solved! Go to Solution.
10-15-2013 11:11 PM
Hi Rizwan,
Mau is talking about inside secondary address not outside one and so the example youprovided is not correct.
As I already replied :
he divides its hosts into 2 pools in DHCP with each a different default gateway and then he configures 2 NAT ACLs(one for each pool) and 2 corresponding NAT overload statements.
The VRF solution I thought of is surely not a valid solution after careful thinking
Regards
Alain
Don't forget to rate helpful posts.
10-14-2013 07:03 PM
Hi Mau,
Please follow the config.
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.255
ip nat outside
interface FastEthernet0/1
ip address 192.168.0.10 255.255.255.0
ip nat inside
!
access-list 101 permit ip host 192.168.0.1 any
access-list 102 permit ip host 192.168.0.2 any
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source list 102 2.2.2.2 overload
Please make sure you have a defautl route in place on your router.
thanks
Rizwan Rafeek
10-15-2013 01:43 AM
Hi Rizwan and thanks for your answer.
On my cisco 800 i can't assign an ip address to fastethernet(s)
# (config-if)#ip address 1.1.1.1 255.255.255.240
% IP addresses may not be configured on L2 links.
Maybe do i need to assign them to loopbacks ?
Thanks
Mau
10-15-2013 02:10 AM
Hi,
This is normal behavior, a layer 2 port(switchport) can't be configured with an IP address, you have to configure a vlan interface and give it an IP address.
Now concerning your original problem as your 2 IPs on the router will be on same interface( using secondary address),you'll have to split your network in half( one half using the primary address and the other half using the secondary address).The other solution I can think of right now would be using VRF Lite( so any host can use any IP as default gateway and you should be able to achieve what you want).
Regards
Alain
Don't forget to rate helpful posts.
10-15-2013 05:58 PM
Hi Mau,
On Cisco 800 router, you should be able to find a standalone single port WAN interface, under that port you should be able to assign multiple sub secondary addresses as many as you want to. Please stick to actual subnet mask given for those ip addresses by your ISP.
interface Ethernet0
ip address 1.1.1.1 255.255.255.255 secondary
ip address 2.2.2.2 255.255.255.240
access-list 101 permit ip host 192.168.0.1 any
access-list 102 permit ip host 192.168.0.2 any
ip nat inside source list 101 1.1.1.1 overload
ip nat inside source list 102 2.2.2.2 overload
Hope this helps.
thanks
Rizwan Rafeek.
10-15-2013 11:11 PM
Hi Rizwan,
Mau is talking about inside secondary address not outside one and so the example youprovided is not correct.
As I already replied :
he divides its hosts into 2 pools in DHCP with each a different default gateway and then he configures 2 NAT ACLs(one for each pool) and 2 corresponding NAT overload statements.
The VRF solution I thought of is surely not a valid solution after careful thinking
Regards
Alain
Don't forget to rate helpful posts.
10-17-2013 07:19 AM
Hi,
thanks for your answers.
Rizwan your solution is not what i was asking for.
Alain thanks for the ansewer even if it is unuseful.
As far as i can see the only way to achive my target is to add an additional router which will be the second NAT router so, the first will perform nat on 1.1.1.1 and the second on 2.2.2.2.
I imagined this solution:
Loop10 192.168.0.1 (nat inside 1)
Loop11 192.168.0.2 (nat inside 2)
Dialer0 1.1.1.1 (nat outside 1)
Loop0 2.2.2.2 (nat outside 2)
Ethernet unnumbered
but i was wrong thinking a router can perform a dual independent NAT on address assigned to loopback interfaces.
Thanks again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide