Cisco best practice...

williamreed
Level 1

We have a new internal network setup, with a few ip addresses assigned by our ISP.

Behind our Cisco 2800, we have a few webservers for which I have designated static NAT rules.

My question is, we also set up one dynamic nat rule for inside to outside with an address pool using some of the ISP given ips. Should we use this dynamic rule, or is there a better way?

Thanks,

Will...

4 Replies

pkhatri
Level 11

Hi Will,

The dynamic pool for your outgoing interface traffic should be fine. However, you need to be careful how you define the dynamic nat translation. If you have more hosts behind your firewall than addresses in the pool, you will run out of addresses very quickly. Therefore, if that is the case, ensure you specify the 'overload' option when configuring the translation:

ip nat inside source list list1 pool NatPool1 overload

This will ensure that source port numbers are translated as well as source addresses, allowing you to support a larger number of hosts.

Hope that helps - pls rate the post if it does.

Regards,

Paresh.

Thanks for your prompt replies!

What about the dynamic nat translation timeouts? Should this be set to 0, 24 hours, or should I set it longer?

Thanks,

Will.

Hi William,

The default timeouts have been carefully chosen and, as you may have seen, they depend on the type of protocol associated with the translation.

Therefore, I would suggest that you just use the defaults. There are plenty of ports available (it is a 16-bit field, after all) so I can't imagine that you will run out of source ports anytime soon.

Hope that helps,

Paresh

mheusinger
Level 10

Hello,

To make sure there are always enough translations for all user requests use NAT overload (i.e. PAT).

Config could look like this:

ip nat pool MyIPs 1.1.1.2 1.1.1.20 netmask 255.255.255.0
ip nat inside source route-map NATmap pool MyIPs overload
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside

The dynamic rule will be the best choice in case there are more internal hosts than official IPs.

Hope this helps! Please rate all posts.

Regards, Martin
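To make the two points in this thread concrete (a plain dynamic pool serves at most one inside host per pool address, while overload/PAT multiplies that by translating source ports, and idle entries are reclaimed on protocol-dependent timeouts), here is a small Python model of a Cisco-style dynamic NAT table. It is an added illustration, not IOS code or anything posted by the participants; the pool addresses, inside hosts, and the per-protocol timeout values are constructed for the demo and are not the IOS defaults.

```python
"""Toy model of dynamic NAT from an address pool, with and without 'overload'
(PAT).  Added illustration only; addresses and timeouts are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from itertools import chain
from typing import Dict, Optional, Set, Tuple

# Constructed per-protocol idle timeouts in seconds.  They mirror the point that
# the router ages translations differently per protocol; not the IOS defaults.
IDLE_TIMEOUT = {"tcp": 86400, "udp": 300, "icmp": 60}


class PoolExhausted(Exception):
    """No free inside-global address (or address+port pair) is left."""


@dataclass
class Translation:
    global_addr: str
    global_port: Optional[int]  # None for plain dynamic NAT: ports pass through
    proto: str
    last_seen: float


class DynamicNat:
    def __init__(self, first: str, last: str, overload: bool = False,
                 ports: Tuple[int, int] = (1024, 65535)) -> None:
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
        self.pool = [str(IPv4Address(a)) for a in range(lo, hi + 1)]
        self.overload = overload
        self.ports = ports
        # Plain NAT keys on the inside host; PAT keys on (proto, host, port).
        self.table: Dict[tuple, Translation] = {}
        self.used: Set[tuple] = set()  # (addr,) or (addr, port) in use

    def expire(self, now: float) -> int:
        """Drop entries idle longer than their protocol's timeout."""
        dropped = 0
        for key, t in list(self.table.items()):
            if now - t.last_seen >= IDLE_TIMEOUT[t.proto]:
                self.used.discard((t.global_addr,) if t.global_port is None
                                  else (t.global_addr, t.global_port))
                del self.table[key]
                dropped += 1
        return dropped

    def translate(self, proto: str, src_ip: str, src_port: int,
                  now: float) -> Tuple[str, int]:
        """Return the inside-global (addr, port) for a packet, creating the
        translation on first use.  Raises PoolExhausted when nothing is free."""
        self.expire(now)
        key = (proto, src_ip, src_port) if self.overload else (src_ip,)
        t = self.table.get(key)
        if t is None:
            addr, port = self._allocate(src_port)
            t = self.table[key] = Translation(addr, port, proto, now)
        t.last_seen = now
        return t.global_addr, (src_port if t.global_port is None else t.global_port)

    def _allocate(self, src_port: int) -> Tuple[str, Optional[int]]:
        if not self.overload:
            # One global address per inside host: exhausted after len(pool) hosts.
            for addr in self.pool:
                if (addr,) not in self.used:
                    self.used.add((addr,))
                    return addr, None
            raise PoolExhausted("no free address in pool")
        lo, hi = self.ports
        # PAT: try to keep the original source port, then take any free port.
        preferred = [src_port] if lo <= src_port <= hi else []
        for addr in self.pool:
            for port in chain(preferred, range(lo, hi + 1)):
                if (addr, port) not in self.used:
                    self.used.add((addr, port))
                    return addr, port
        raise PoolExhausted("no free address/port pair in pool")


def hosts_served(overload: bool, n_hosts: int = 20) -> int:
    """How many distinct inside hosts a three-address pool serves at once."""
    nat = DynamicNat("1.1.1.2", "1.1.1.4", overload=overload)
    served = 0
    for i in range(n_hosts):
        try:
            nat.translate("tcp", f"192.168.1.{10 + i}", 40000 + i, now=0.0)
        except PoolExhausted:
            break
        served += 1
    return served


def port_collision() -> Tuple[Tuple[str, int], Tuple[str, int]]:
    """Two hosts using the same source port behind one overloaded address."""
    nat = DynamicNat("1.1.1.2", "1.1.1.2", overload=True)
    a = nat.translate("tcp", "192.168.1.10", 5000, now=0.0)
    b = nat.translate("tcp", "192.168.1.11", 5000, now=0.0)
    return a, b


def idle_reclaim() -> Tuple[bool, bool]:
    """Plain NAT, one-address pool: a second host is refused while the first
    UDP entry is live and admitted once that entry has aged out."""
    nat = DynamicNat("1.1.1.2", "1.1.1.2")
    nat.translate("udp", "192.168.1.10", 5000, now=0.0)
    try:
        nat.translate("udp", "192.168.1.11", 5001, now=100.0)
        refused_early = False
    except PoolExhausted:
        refused_early = True
    nat.translate("udp", "192.168.1.11", 5001, now=400.0)  # past the 300 s UDP idle
    return refused_early, len(nat.table) == 1


if __name__ == "__main__":
    print("plain NAT :", hosts_served(False), "hosts")
    print("overload  :", hosts_served(True), "hosts")
    print("collision :", port_collision())
    print("reclaim   :", idle_reclaim())
```

Running it shows the three-address pool stopping at 3 hosts without overload and serving all 20 with it, the second host on a colliding source port receiving a different global port, and the one-address pool refusing a new host until the earlier UDP entry has idled out. Whether you rely on the defaults or tune `ip nat translation` timeouts, the size of that table under load is what to watch: a long timeout keeps ports tied up for flows that are already dead, a very short one churns entries for long-lived sessions.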
