10-20-2009 02:16 PM - edited 03-04-2019 06:26 AM
Hi all,
I have a new dual T1 circuit ordered from AT&T and I was provided with the IP addresses for the WAN and the LAN. I am unclear on which IP address to use for the NAT pool. Here is a clarification:
Existing router configuration:
Existing Circuit- DSL
G0/0: 98.173.157.108
G1/0: 10.10.3.0/24
G1/0.1: 10.10.0.1/24
G1/0.2: 10.10.2.1/24
ip nat pool mynetwork 98.173.157.108 98.173.157.108 netmask 255.255.255.248
New IP addresses:
S0/0: 12.90.58.66
LAN info:
IP address: 12.100.140.191/26
LAN/Ethernet/Gateway IP address: 12.100.140.192
Subnet mask: 255.255.255.192
======================================
My question:
- Do I replace the ip nat pool with WAN ip address (12.90.58.66) or the LAN IP address (12.100.14.191)?
I hope I was clear in stating my question and thanks in advance for any assistance.
SK
10-21-2009 06:57 AM
Hello Sadik,
>> Do I replace the ip nat pool with WAN ip address (12.90.58.66) or the LAN IP address (12.100.14.191)?
Actually, both solutions are possible; however, you have received a valuable public IP address block.
This can be used to create your DMZ where you can put servers that should be visible on the internet.
Or also for security reasons you may want to keep all servers private but you may like to have static ip addresses reserved to servers.
Solution 1 sees three L3 interfaces WAN, LAN and DMZ.
Solution 2 has two L3 interfaces: WAN and LAN.
The LAN public block can be associated in this case (solution 2) with a loopback interface that represents the pool.
This is the way I usually do it.
So, there is no single answer to your question and all these possibilities can work even using single ip addresses in public block of DMZ interface for NATTING internal hosts.
Ask yourself what are your needs?
Have you got servers to be exposed to the internet that could benefit from static NAT entries?
Can a DMZ LAN be useful?
Hope to help
Giuseppe
10-21-2009 07:38 AM
Thank you Giuseppe!
I don't have a DMZ yet, so solution 2 is what I have in my environment.
So, I could do this and please feel free to provide a feedback:
S0/0: 12.90.58.66
G0/0: 12.100.14.191
ip nat pool mycompany 12.100.14.191 12.100.14.191 netmask 255.255.255.192
ip nat inside source list 199 interface g0/0 overload
Thanks in advance,
sK
10-21-2009 08:22 AM
Hello Sadik,
This can work if G0/0 is NOT your internal interface.
If it is your internal interface you should use
S0/0: 12.90.58.66
Loopback0: 12.100.14.191/26
G0/0: private ip address here
ip nat pool mycompany 12.100.14.192 12.100.14.2xy netmask 255.255.255.192
ip nat inside source list 199 pool mycompany overload
Otherwise, if g0/0 is your internal interface and you give it a public IP address, well, you wouldn't need NAT for users in LAN (not recommended for security reasons).
Hope to help
Giuseppe
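An added example (not part of the original thread or any poster's configuration): a Python check, using the standard ipaddress module, of the start, end and netmask arguments of the ip nat pool commands quoted in this thread. The function name check_nat_pool and the 192.0.2.x pool are assumptions constructed for illustration.

```python
import ipaddress

def check_nat_pool(start, end, netmask):
    """Sanity-check the arguments of 'ip nat pool NAME start end netmask MASK'."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    # strict=False masks off the host bits, giving the subnet that the
    # start address belongs to under the stated netmask.
    subnet = ipaddress.IPv4Network(f"{start}/{netmask}", strict=False)
    problems = []
    if last < first:
        problems.append("end address is lower than start address")
    if first == subnet.network_address:
        problems.append(f"{first} is the network address of {subnet}")
    if first <= subnet.broadcast_address <= last:
        problems.append(
            f"pool includes {subnet.broadcast_address}, "
            f"the broadcast address of {subnet}")
    if last not in subnet:
        problems.append(f"{last} is outside {subnet}")
    # Number of addresses the pool offers for translation.
    size = int(last) - int(first) + 1 if last >= first else 0
    return {"subnet": str(subnet), "size": size, "problems": problems}

# The first two pools are copied from the commands in this thread;
# the third is constructed (documentation range) to show a range
# that crosses a subnet boundary.
POOLS = [
    ("mynetwork", "98.173.157.108", "98.173.157.108", "255.255.255.248"),
    ("mycompany", "12.100.14.191", "12.100.14.191", "255.255.255.192"),
    ("constructed", "192.0.2.60", "192.0.2.70", "255.255.255.192"),
]

if __name__ == "__main__":
    for name, start, end, mask in POOLS:
        result = check_nat_pool(start, end, mask)
        print(f"{name}: subnet {result['subnet']}, {result['size']} address(es)")
        for problem in result["problems"]:
            print(f"  ! {problem}")
```
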
10-22-2009 02:57 PM
Thanks Giuseppe.
One last question: should this statement include the loopback or (G0/1) physical address after the source list number:
ip nat inside source list 199 pool mycompany overload
Thanks,
sK
10-30-2009 12:32 PM
Hi again.
As I was trying to implement this, I realized that if the S0/0 is my outbound connection to the Internet, G0/1 is my inbound connection to the switch, why would I configure G0/0 if it isn't going to be plugged into anything?
I am unclear about where I need to configure 12.100.14.191/26 if I already have a connection to the carrier through the outbound (S0/0) interface!
Thanks in advance,
sK
10-30-2009 12:46 PM
Sadik,
You've purchased a new wan interface and they provided you a new public ip block. Am I right?
- Wan is s0/0 configured with the new public IP address.
- Public IP block you got is 12.100.14.191/26.
- You also have a lan IP network (Private IPs).
As per your question, it depends on what you want to do. If you want to use a new IP block as a NAT pool, you can do it. You can use it for inbound connections by configuring static NAT for a new public IP block. In case you only do dynamic NAT for outbound connections, you can do nothing about it as well. (grin)
HTH,
Toshi
10-30-2009 01:05 PM
Thanks Toshi.
Yes, you are correct.
So, in that case, I could simply use the G0/1 or my inbound connection (Private), assign static NAT beginning with the first Public IP block address (12.100.14.191), and disable G0/0. Would this be correct?
Thanks,
SK
10-30-2009 01:12 PM
Sadik,
G0/0 is not used anymore, right? If yes, just disable it.
You can use the new public IP block to do static NATs. It depends on what you design. (grin)
Keep in mind, using a pool to do dynamic NAT is limited to the number of IPs you got. If it's not enough for your active hosts inside the network, you'd better use PAT to do so.
HTH,
Toshi
10-30-2009 01:28 PM
Thanks Toshi!
sK
10-30-2009 01:56 PM
Toshi,
How would you subnet this ip address to 7 subnets: 10.199.223.0/25?
Thanks in advance,
sK
10-30-2009 02:17 PM
Sadik,
Is this a trick question? (J/K)
10.199.223.0/28
10.199.223.16/28
10.199.223.32/28
10.199.223.48/28
10.199.223.64/28
10.199.223.80/28
10.199.223.96/28
10.199.223.112/28
Sorry for my math. (grin)
What about the rating system. hehehe..
Toshi
10-30-2009 02:22 PM
Thanks again, Toshi!
No, it wasn't a trick question.. lol. I just wanted to verify my subnetting skills!
Thanks again,
sK