ISR 4321 Public LAN IPs

Zydain
Level 1

If provided a Public WAN IP and a set of Public LAN IPs, where would I assign the Public LAN IPs?

 

I have the WAN IP assigned to the Gb0/0/0 Port.

 

I am unable to assign the LAN Public IPs to the actual NIM card slots, so would I assign the Public LAN IPs to VLANs?


So it's solely a NAT thing is what I think you're saying.  I was trying to do PAT/NAT overload to accomplish this, but I didn't get very far due to an error.

 

I ran these commands but I got an error after the second one:

 

ip nat pool HbugPool 209.X.X.X 209.X.X.X netmask 255.255.255.192

ip nat inside source list 10 pool HbugPool overload

 

Error: Cannot change mapping's source type, or the mapping already exists; remove mapping first to make change.

 

I then removed my static NAT “band aid” that I have in place allowing one server to have the 209.X.X.X address temporarily, but got the same message after removing it so I put that static NAT back in place. 

 

I've attached my running config.

Hello
Your NAT configuration looks like it has statements that are not necessary, that point to the wrong WAN interface, conflicting access lists or ones that don’t even exist, and multiple overload statements where just a single one could accomplish the same.

 

Suggest the following:

no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload 
no ip nat pool testnet 209.Y.Y.Y 209.Y.Y.Y netmask 255.255.255.192
no ip nat pool HbugPool 209.X.X.X 209.X.X.X netmask 255.255.255.192
no ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
no ip nat inside source list 15 interface GigabitEthernet0/0/1 overload
no ip access-list standard 1
no ip access-list standard 10
no ip access-list standard 15




ip access-list standard 10
deny (specific lan subnet)
deny host 192.168.1.100
deny host 10.10.10.197
deny host 10.10.10.7
deny host 10.10.10.32
deny host 192.168.1.101
deny host 192.168.2.50
permit 10.0.0.0 0.255.255.255
permit 192.168.2.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
permit 172.16.0.0 0.0.255.255
permit etc...


ip access-list standard newpat
permit (specific lan subnet)


ip nat pool new-public-ip y.y.y.y y.y.y.y netmask x.x.x.x

ip nat inside source list newpat pool new-public-ip

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
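
A way to check a config for two of the problems raised in the reply above (NAT rules that reference access lists that don't exist, and hosts with a static NAT entry that a dynamic NAT access list still permits), as an added example that is not part of the original thread. The sample config is constructed with documentation addresses, the function names are hypothetical, and only access lists written in the "ip access-list standard" form are parsed.

```python
import ipaddress
import re

# Constructed candidate config using documentation addresses; not the poster's running config.
SAMPLE = """\
ip nat inside source static 192.168.1.100 203.0.113.11
ip nat inside source static 10.10.10.7 203.0.113.12
ip nat inside source list 10 interface GigabitEthernet0/0/0 overload
ip nat inside source list 15 interface GigabitEthernet0/0/1 overload
ip nat inside source list newpat pool new-public-ip
ip access-list standard 10
 deny host 192.168.1.100
 permit 10.0.0.0 0.255.255.255
 permit 192.168.1.0 0.0.0.255
ip access-list standard newpat
 permit 192.168.2.0 0.0.0.255
"""

def parse(config):
    """Collect standard ACLs, dynamic NAT rules and static inside hosts."""
    acls, rules, statics, current = {}, [], [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list standard (\S+)$", line):
            current = acls.setdefault(m[1], [])
        elif m := re.match(r"(permit|deny) (?:host (\S+)|(\S+) (\S+))$", line):
            # ipaddress accepts the IOS wildcard (host mask) form, e.g. 10.0.0.0/0.255.255.255
            net = f"{m[2]}/32" if m[2] else f"{m[3]}/{m[4]}"
            current.append((m[1], ipaddress.ip_network(net)))
        elif m := re.match(r"ip nat inside source list (\S+) (?:pool|interface) ", line):
            rules.append(m[1])
        elif m := re.match(r"ip nat inside source static (\S+) \S+$", line):
            statics.append(ipaddress.ip_address(m[1]))
    return acls, rules, statics

def first_match(acl, host):
    """Standard ACLs are read top-down; no matching entry is an implicit deny."""
    return next((action for action, net in acl if host in net), "deny")

def audit(config):
    """Return findings: undefined ACLs, and static-NAT hosts a dynamic ACL still permits."""
    acls, rules, statics = parse(config)
    findings = []
    for name in rules:
        if name not in acls:
            findings.append(f"NAT rule references undefined ACL {name}")
            continue
        findings += [f"static host {h} is also permitted by dynamic NAT ACL {name}"
                     for h in statics if first_match(acls[name], h) == "permit"]
    return findings
```

Calling audit(SAMPLE) flags 10.10.10.7 (static entry, but still permitted by list 10) and the rule that points at the undefined list 15.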

Are we denying those hosts so I can utilize the static NAT I've already put in place?  Also, I'm not sure what (specific lan subnet) is... Sorry I'm learning as I go.

Hello


@Zydain wrote:

Are we denying those hosts so I can utilize the static NAT I've already put in place? 

Yes
No need to have those hosts in the dynamic pat pool if you have specific static entries for them, unless you wish those internal hosts to reach additional ports not statically assigned?

 

 


@Zydain wrote:

  Also, I'm not sure what (specific lan subnet) is... Sorry I'm learning as I go.


That's just a remark to say the LAN subnet you wish to be NATted to the new public address needs to be entered here.



Kind Regards
Paul

@paul driver Came in after hours and was able to get this working as I wanted it.  Tried what you said once, and lost myself Internet access somehow.  Reloaded and tried what you said above again after clearing the NAT translation list (clear ip nat translation *) and it worked (not sure if it was coincidence or not).  Reloading to a point before all my failed configuration test attempts I kept making probably didn't hurt either lol.

Hello

That’s good news, thank you for the feedback and marked solution.



Kind Regards
Paul