02-21-2020 02:13 PM
I have gateway 196.204.80.240/29 (I have 6 free IPs; I use 241 for the GW and the others are free).
I can use 241, for example, as the gateway and any one of them as a real IP.
My question is: is it better for the internet pool to make it like this:
ip nat pool PUBLIC_POOL 196.204.80.241 196.204.80.241 netmask 255.255.255.248
ip nat inside source list 1 pool PUBLIC_POOL overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1.328 172.19.138.89
or
ip nat pool PUBLIC_POOL 196.204.80.241 196.204.80.246 netmask 255.255.255.248
ip nat inside source list 1 pool PUBLIC_POOL overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1.328 172.19.138.89
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 1 permit 192.168.9.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.12.0 0.0.0.255
access-list 1 permit 192.168.13.0 0.0.0.255
interface GigabitEthernet0/1
description connected to WAN
no ip address
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1.328
description connected to PRIMARY_ISP
encapsulation dot1Q 328
ip address 196.204.80.241 255.255.255.248 secondary
ip address 172.19.138.90 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip flow ingress
ip flow egress
ip dhcp pool VodaFone gateway
network 196.204.80.240 255.255.255.248
default-router 196.204.80.241
dns-server 8.8.8.8 8.8.4.4
02-21-2020 03:09 PM
Both approaches that you mention are possible. The answer to which one is better depends on how you want to use your address space. Some people have a block of public addresses and want to use one for dynamic address translation for outbound traffic and to use the other public addresses for static translations to make some servers in their network accessible from the Internet. Other people want to use all the addresses in the block as a pool for dynamic address translation. Since we do not know your situation or your network design, we cannot advise you on which one is better.
02-21-2020 04:34 PM
- For now I don't have a server that needs access from the internet (but I need to understand: like what? What kind of server needs access from the internet? Just an example, to understand.)
- If I use one public IP and the others for servers, can you give me an example of how to configure it? (use one for dynamic address translation for outbound traffic and to use the other public addresses for static translations to make some servers in their network accessible from the Internet)
- If I don't have servers, can I use the whole available block of public addresses as a pool for dynamic translations?
- Also, what if I need to reserve 1 of them as a real IP to use in the future for a site-to-site VPN connection? How?
02-21-2020 09:58 PM
I believe both approaches are right; you can use either a single IP or multiple IPs (public IPs) for translations.
- For now I don't have a server that needs access from the internet (but I need to understand: like what? What kind of server needs access from the internet? Just an example, to understand.)
If you don't have any servers in your network then fine, you can go with your second approach.
Servers are of many types, like application server, mail server, FTP server, client server, etc.
- If I use one public IP and the others for servers, can you give me an example of how to configure it? (use one for dynamic address translation for outbound traffic and to use the other public addresses for static translations to make some servers in their network accessible from the Internet)
STATIC NAT:
ip nat inside source static <private IP> <public IP>
Then you go under the LAN-facing interface with the "ip nat inside" command and the WAN-facing interface with the "ip nat outside" command.
- If I don't have servers, can I use the whole available block of public addresses as a pool for dynamic translations?
Yes, certainly you can use all of the available public IP addresses you have.
- Also, what if I need to reserve 1 of them as a real IP to use in the future for a site-to-site VPN connection? How?
Do not include that IP in the IP pool.
Note: As you are using PAT, what I recommend is, instead of using all the IPs, using option 1 of your configuration.
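The split described in this answer, written out as an added example (it is not configuration from any poster in the thread): PAT for outbound traffic on .241 to .244, one published server on .245, and .246 kept out of every NAT statement for the future VPN. The server address 192.168.2.10, its HTTPS service and the LAN interface GigabitEthernet0/0 are assumptions; the pool name, access-list 1 and the outside sub-interface come from the question.

```cisco
! Added example. 192.168.2.10 (internal server) and GigabitEthernet0/0
! (LAN-facing interface) are hypothetical; adjust to the real network.
!
! Dynamic translation (PAT) for outbound traffic.
! The pool stops at .244 so that .245 and .246 are never handed out.
ip nat pool PUBLIC_POOL 196.204.80.241 196.204.80.244 netmask 255.255.255.248
ip nat inside source list 1 pool PUBLIC_POOL overload
!
! access-list 1 stays as posted in the question (192.168.2.0 to 192.168.13.0).
!
! Static translation for a server that must be reachable from the Internet.
! One-to-one form, as given in the answer: every port and protocol sent to
! .245 is forwarded to the server.
!   ip nat inside source static 192.168.2.10 196.204.80.245
! Port-specific form: only TCP/443 on .245 is forwarded, so the server's
! other listening services are not published.
ip nat inside source static tcp 192.168.2.10 443 196.204.80.245 443
!
! 196.204.80.246 appears in no pool and no static entry, which is what
! "do not include that IP in the IP pool" means for the VPN address.
!
! Mark the interfaces so the router knows the translation direction.
interface GigabitEthernet0/0
 description LAN side (assumed interface name)
 ip nat inside
!
interface GigabitEthernet0/1.328
 description connected to PRIMARY_ISP
 ip nat outside
```

`show ip nat translations` and `show ip nat statistics` list the active entries and the pool in use, which confirms that only the intended port is published on .245 and that nothing is translated to .246.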
02-22-2020 03:34 AM - edited 02-22-2020 03:36 AM
Note: As you are using PAT, what I recommend is, instead of using all the IPs, using option 1 of your configuration.
As you said, I'm using PAT, so even with PAT can I use all the free public IP addresses and exclude one for the site-to-site VPN?
Is it even possible, or will it affect my network's access to the internet?
- If I don't have servers, can I use the whole available block of public addresses as a pool for dynamic translations?
Yes, certainly you can use all of the available public IP addresses you have.
So what will the configuration of the DHCP pool be then? Because I'm doing it like this:
For now I'm using 241, but if I decide to use all of 241-42-43-44-45 and exclude 46 from the pool for the site-to-site VPN, will the DHCP pool and default router below stay the same (241), or will this command have no effect, so I can delete it?
ip dhcp pool VodaFone gateway
network 196.204.80.240 255.255.255.248
default-router 196.204.80.241
dns-server 8.8.8.8 8.8.4.4
Also, on the NAT outside interface, how will the secondary IP be configured if I use all the public IPs?
interface GigabitEthernet0/1.328
description connected to PRIMARY_ISP
encapsulation dot1Q 328
ip address 196.204.80.241 255.255.255.248 secondary
ip address 172.19.138.90 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip flow ingress
ip flow egress
02-23-2020 07:53 AM
As you said, I'm using PAT, so even with PAT can I use all the free public IP addresses and exclude one for the site-to-site VPN?
Is it even possible, or will it affect my network's access to the internet?
- If I don't have servers, can I use the whole available block of public addresses as a pool for dynamic translations?
Yes, certainly you can use all of the available public IP addresses you have.
So what will the configuration of the DHCP pool be then? Because I'm doing it like this:
For now I'm using 241, but if I decide to use all of 241-42-43-44-45 and exclude 46 from the pool for the site-to-site VPN, will the DHCP pool and default router below stay the same (241), or will this command have no effect, so I can delete it?
ip dhcp pool VodaFone gateway
network 196.204.80.240 255.255.255.248
default-router 196.204.80.241
dns-server 8.8.8.8 8.8.4.4
Also, on the NAT outside interface, how will the secondary IP be configured if I use all the public IPs?
interface GigabitEthernet0/1.328
description connected to PRIMARY_ISP
encapsulation dot1Q 328
ip address 196.204.80.241 255.255.255.248 secondary
ip address 172.19.138.90 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip flow ingress
ip flow egress
04-01-2020 04:25 PM
In case I use option 1, can I use the same IP for the site-to-site VPN? And are all the other free public IP addresses useless, with no need to use them at all?
OR HOW DOES IT WORK?