Router config assistance

bret.galyean
Level 1

I'm configuring a router for a new internet connection and I'm running into a small issue, but it has me stumped so far.  This is the first router I have set up from scratch.

The ISP gave us two IPs, and their WAN Serial and default route.

I assigned the WAN serial to the outgoing interface and have all traffic being routed to the ISP's default route.

For one of the IPs, it is being assigned to another device; that device will handle its own NATing.  I have lots of experience with that setup and it is working fine.

The issue I have is for the other IP. I am trying to use a switch module on the router, so up to 4 devices connected, all using the same outgoing IP.

For example, anything on these ports will be 10.0.0.0/24.  The ports are on a vlan with an IP of 10.0.0.254, which every device has as their default gateway.  What is the proper way to get all outbound traffic from those ports to NAT to the outbound IP and route to the ISP's default route?

I'm currently trying to use a loopback interface, and from a 10.0.0.x device I can ping the vlan gateway, and the WAN address on my external interface, but I'm not getting out to the internet.  I thought I had the NAT setup right but I am clearly missing something.

Thanks for any pointers you can provide.

Accepted Solutions

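You do not need any policy-based routing. Just translate 10.0.0.0/24 to y.y.y.250.

! Inside: the VLAN interface that is the 10.0.0.0/24 gateway
interface Vlan X
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
!
! Outside: the WAN serial interface
interface Serial X
 ip address x.x.x.1 <mask>
 ip nat outside
!
! Standard ACL matching the inside subnet (source only, wildcard mask)
access-list 50 permit 10.0.0.0 0.0.0.255
! One-address pool for the public IP; the pool name must be spelled the same in both lines
ip nat pool PublicIP y.y.y.250 y.y.y.250 netmask <mask>
ip nat inside source list 50 pool PublicIP overload
!
! Then default route to x.x.x.2
ip route 0.0.0.0 0.0.0.0 x.x.x.2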

Hope it helps,

5 Replies

John Blakley
VIP Alumni

Can you post your config if the following doesn't help?

Try this:

! Match the inside subnet, then PAT it to the WAN interface address
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
ip nat inside source list 100 interface <wan interface> overload
!
interface <wan interface>
 ip nat outside
!
interface <vlan interface>
 ip nat inside

The only issue that I have right now is that you said a device will handle natting. Is that in front of the router or behind? If it's in front of the router, you should assign all private addressing to the router's wan and lan side and not nat on the router. You would need a static route on your other device pointing to the wan interface of this router to get back to your 10.0.0.0/24 subnet.

HTH,

John


Thanks for the help.  I'm out today so I will try this tomorrow morning and post if I have issues.  

The other device was me oversharing and shouldn't be related to the problem.  It is a firewall behind the router that is using one of the two IPs we were given.  That half seems to be working fine.  I'm only having issues with the switch ports on the router using the second IP.

For the example you gave though, I don't think that translates the traffic to the IP we were given.  

We have:

WAN interface x.x.x.1

ip route sending everything out x.x.x.2

ip we were given traffic needs to show up as y.y.y.250

All traffic on the switch ports is sent to the 10.0.0.254 vlan.

So my understanding is the vlan needs to be NATed to the y.y.y.250 address (our public IP), and then go out the default route x.x.x.2.

Should I use policy based routing for that?

Thanks again.  I can post the config and some better info tomorrow morning.

That worked great!

Thank you so much.

Glad to help,

Masoud
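
A consistency check for the NAT overload pieces this thread walks through (inside/outside interfaces, the ACL, the pool, the NAT rule and the default route), as an added example that is not code from any poster. The function name `audit_nat`, the interface names and the documentation-range addresses are constructed for illustration, and the check assumes pool names are matched case-sensitively.

```python
import re

def audit_nat(config: str) -> list:
    """Return problems found in an IOS-style NAT overload (PAT) config."""
    iface, roles = None, {}              # interface name -> "inside" / "outside"
    acls, pools, rules, default_route = set(), set(), [], False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():        # an unindented line leaves interface mode
            iface = None
        if m := re.match(r"interface\s+(.+)", line, re.I):
            iface = m.group(1)
        elif (m := re.match(r"ip nat (inside|outside)$", line, re.I)) and iface:
            roles[iface] = m.group(1).lower()
        elif m := re.match(r"access-list\s+(\S+)\s+permit\b", line, re.I):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat pool\s+(\S+)\s", line, re.I):
            pools.add(m.group(1))        # name kept as typed (case-sensitive, assumption)
        elif m := re.match(r"ip nat inside source list\s+(\S+)\s+(pool|interface)\s+(\S+)", line, re.I):
            rules.append((m.group(1), m.group(2).lower(), m.group(3)))
        elif re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0\s+\S+", line, re.I):
            default_route = True
    problems = [f"no interface marked 'ip nat {r}'"
                for r in ("inside", "outside") if r not in roles.values()]
    if not rules:
        problems.append("no 'ip nat inside source list' rule")
    for acl, kind, target in rules:
        if acl not in acls:
            problems.append(f"NAT rule references undefined access-list {acl}")
        if kind == "pool" and target not in pools:
            problems.append(f"NAT rule references undefined pool {target}")
    if not default_route:
        problems.append("no default route")
    return problems

# Constructed sample: 198.51.100.x stands in for x.x.x.x, 203.0.113.250 for y.y.y.250.
GOOD = """\
interface Vlan10
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
interface Serial0/0/0
 ip address 198.51.100.1 255.255.255.252
 ip nat outside
access-list 50 permit 10.0.0.0 0.0.0.255
ip nat pool PublicIP 203.0.113.250 203.0.113.250 netmask 255.255.255.252
ip nat inside source list 50 pool PublicIP overload
ip route 0.0.0.0 0.0.0.0 198.51.100.2
"""
# Same config with the pool defined as "publicIP" and the default route commented out.
BAD = GOOD.replace("pool PublicIP 203", "pool publicIP 203").replace("ip route", "! ip route")
```

`audit_nat(GOOD)` returns an empty list; `audit_nat(BAD)` reports the pool-name mismatch and the missing default route.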