Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
702
Views
0
Helpful
5
Replies

NAT command

sridhar ch
Level 1
Level 1

‎02-04-2021 05:44 AM

Hi,

 

I want to NAT my LAN (10.0.0.0/8) to a single public IP other than the WAN IP, what would be the NAT command. I can use NAT overload if I have to use WAN IP. But want to go with other IP  due to dependency on the IP.

 

Thanks,

Sridhar

 

 

Labels:
0 Helpful
5 Replies 5

Georg Pauwen
VIP
VIP

‎02-04-2021 05:51 AM

Hello,

 

use a pool. In the example below, 1.1.1.1/30 is the public IP address, replace that with whatever address you have:

 

ip nat pool PUBLIC_IP 1.1.1.1 1.1.1.1 netmask 255.255.255.252
ip nat inside source list 1 pool PUBLIC_IP overload
!
access-list 1 permit 10.0.0.0 0.255.255.255

0 Helpful

sridhar ch
Level 1
Level 1
In response to Georg Pauwen

‎02-04-2021 06:05 AM

thx for your reply. can u confirm if the subnet mask is 255.255.255.255 but not 255.255.255.252.

 

also can i have a loopback with 1.1.1.1 and go with NAT overload. if so, do i need to define "ip nat outside" on the loop back or on the WAN interface? think loop back, correct me if i am wrong.

0 Helpful

Georg Pauwen
VIP
VIP
In response to sridhar ch

‎02-04-2021 06:20 AM

Hello,

 

1.1.1.1 is just an example. if you have a /32 mask, you can change the pool netmask to that:

 

ip nat pool PUBLIC_IP 1.1.1.1 1.1.1.1 netmask 255.255.255.255
ip nat inside source list 1 pool PUBLIC_IP overload
!
access-list 1 permit 10.0.0.0 0.255.255.255

 

The public IP address used in the pool can be any address, it doesn't matter what IP address you have configured on the NAT outside interface. The NAT outside interface is the WAN interface, not any loopback.

 

Here is an example, putting it all together.

interface GigabitEthernet0/0

description ISP Link

ip address 100.100.100.1 255.255.255.252

ip nat outside

!

interface GigabitEthernet0/1

description LAN

ip address 10.0.0.1 255.0.0.0

ip nat inside

!

ip nat pool PUBLIC_IP 1.1.1.1 1.1.1.1 netmask 255.255.255.255
ip nat inside source list 1 pool PUBLIC_IP overload
!
access-list 1 permit 10.0.0.0 0.255.255.255

 

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-04-2021 06:11 AM

as per the example  /30 that subnet is correct. if the subnet /32 - then you need to go with 255.255.255.255

 

you can change what ever subnet you are using in your environement, test and advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎02-04-2021 12:21 PM - edited ‎02-04-2021 12:22 PM

Hello

@sridhar ch wrote:

I want to NAT my LAN (10.0.0.0/8) to a single public IP other than the WAN IP,

The only way you can do this  if that "other ip"  is reachable on the public network.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card