cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
504
Views
0
Helpful
5
Replies

NAT command

sridhar ch
Beginner
Beginner

Hi,

 

I want to NAT my LAN (10.0.0.0/8) to a single public IP other than the WAN IP, what would be the NAT command. I can use NAT overload if I have to use WAN IP. But want to go with other IP  due to dependency on the IP.

 

Thanks,

Sridhar

 

 

5 Replies 5

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello,

 

use a pool. In the example below, 1.1.1.1/30 is the public IP address, replace that with whatever address you have:

 

ip nat pool PUBLIC_IP 1.1.1.1 1.1.1.1 netmask 255.255.255.252
ip nat inside source list 1 pool PUBLIC_IP overload
!
access-list 1 permit 10.0.0.0 0.255.255.255

thx for your reply. can u confirm if the subnet mask is 255.255.255.255 but not 255.255.255.252.

 

also can i have a loopback with 1.1.1.1 and go with NAT overload. if so, do i need to define "ip nat outside" on the loop back or on the WAN interface? think loop back, correct me if i am wrong.

Hello,

 

1.1.1.1 is just an example. if you have a /32 mask, you can change the pool netmask to that:

 

ip nat pool PUBLIC_IP 1.1.1.1 1.1.1.1 netmask 255.255.255.255
ip nat inside source list 1 pool PUBLIC_IP overload
!
access-list 1 permit 10.0.0.0 0.255.255.255

 

The public IP address used in the pool can be any address, it doesn't matter what IP address you have configured on the NAT outside interface. The NAT outside interface is the WAN interface, not any loopback.

 

Here is an example, putting it all together.

interface GigabitEthernet0/0

description ISP Link

ip address 100.100.100.1 255.255.255.252

ip nat outside

!

interface GigabitEthernet0/1

description LAN

ip address 10.0.0.1 255.0.0.0

ip nat inside

!

ip nat pool PUBLIC_IP 1.1.1.1 1.1.1.1 netmask 255.255.255.255
ip nat inside source list 1 pool PUBLIC_IP overload
!
access-list 1 permit 10.0.0.0 0.255.255.255

 

 

 

balaji.bandi
VIP Guru VIP Guru
VIP Guru

as per the example  /30 that subnet is correct. if the subnet /32 - then you need to go with 255.255.255.255

 

you can change what ever subnet you are using in your environement, test and advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver
VIP Expert VIP Expert
VIP Expert

Hello


@sridhar ch wrote:

I want to NAT my LAN (10.0.0.0/8) to a single public IP other than the WAN IP,

The only way you can do this  if that "other ip"  is reachable on the public network.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers