02-17-2017 05:28 AM - edited 03-08-2019 09:23 AM
Hi All,
Please help in configuring Dynamic NAT with PAT in Cisco ISR router 4431.
Thanks
Kamlesh
02-17-2017 05:08 PM
Hi
Example:
Interface g0/0
ip address <internal network>
ip nat inside
interface g0/1
ip address <public network>
ip nat outside
ip access-list standard PRIVATE-NETS
permit 192.168.1.0 0.0.0.255
ip nat inside source list PRIVATE-NETS interface g0/1 overload
ip route 0.0.0.0 0.0.0.0 <Public IP next hop>
** The router must know the internal networks in order to be translated.
If you have a public range, you could create a pool
ip nat pool TEST 150.X.X.5 150.X.X.7 netmask <subnet mask>
ip nat inside source list PRIVATE-NETS pool TEST overload
Hope it is useful
:-)
02-19-2017 08:39 AM
Hi Julio,
We want dynamic nat with pat configuration in router, for example we have dynamic nat ip pool is 192.168.1.0/24 and source address are 10.1.0.0/23.
Starting hits should be translate from 192.168.1.1 to 192.168.1.253 and rest of the IPs should be PAT with 192.168.1.254.
How we can achieve this configuration.
Thanks
Kamlesh
02-19-2017 09:06 AM
Hi Kamlesh,
Please correct me if I am understanding wrong.
You already have a dynamic nat using a public pool to get Internet, but you want a PAT working in parallel with the dynamic NAT, but the PAT using the IP 192.168.1.254 as overload, is that correct?
For the PAT you could use:
ip nat pool TEST 192.168.1.254 192.168.1.254 netmask 255.255.255.0
ip nat inside source list PRIVATE-NETS pool TEST overload
02-19-2017 09:01 PM
Hi,
We want dynamic nat first and then pat if required. We have 500 source IPs and first 253 hits should be one to one mapping and rest will be overload with last ip address 192.168.1.254.
PAT should use when dynamic NAT pool fully utilized.
Thanks
Kamlesh
02-19-2017 09:23 PM
Hi Kamlesh,
Thank you for the information, PAT could provide the connectivity for the 500 sources without inconveniences. Also you could configure different PATs for specific sources. Is the dynamic NAT used for special request?
02-19-2017 09:48 PM
Hi
Thanks, that is ok PAT can translate 65535 address but requirement is after fully utilizing the dynamic pool 192.168.1.1 - 192.168.1.253 then next hit will goes to PAT and use 192.168.1.254.
Thanks
Kamlesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide