02-16-2011 03:04 AM - edited 03-06-2019 03:35 PM
I have 32 Static IP address and i want to NAT 7 IP address to access internet internally.the intenal ip range is 172.26.x.x.i like to know how to config this in 2800 router
Solved! Go to Solution.
02-16-2011 05:47 AM
Hi,
if you want internet access from your 172.16.x.x LAN then you can do NAT overload
1) you create an ACL telling your router which IP addresses must be natted
access-list 10 permit 172.16.x.x 0.0.0.255 (this is the wildcard mask if you have a /24 subnet)
2) select inside and outside interfaces with the nat inside and nat outside commands on right interface
3) configure nat overload: ip nat inside source list 10 interface XX where XX is the id of outside interface.
Hope this is clear enough.
To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping
Regards.
alain.
02-16-2011 03:32 AM
Hi
Have a look at the cisco webpage - there you'll find a lot of configuration examples.
For example: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic3
02-16-2011 03:45 AM
Its same method which we follow on old routers and its very simple you can do it easily.
Refrence document is really help you.
Still you need help do let us know.
Regards,
Azhar
02-16-2011 03:46 AM
Hi,
Type this :
ip nat translation timeout 60
ip nat inside source static X.X.X.X Y.Y.Y.Y
where X.X.X.X is the local address and Y.Y.Y.Y the translated address
Regards
Hicham Azarou
02-16-2011 04:47 AM
Can u provide me the entire config how to nat
Internal IP range 172.16.x.x
external IP 117.240.23.96 to 127
we have select one IP and nat to 172 series for internet
kindly send me the cofig file
02-16-2011 05:47 AM
Hi,
if you want internet access from your 172.16.x.x LAN then you can do NAT overload
1) you create an ACL telling your router which IP addresses must be natted
access-list 10 permit 172.16.x.x 0.0.0.255 (this is the wildcard mask if you have a /24 subnet)
2) select inside and outside interfaces with the nat inside and nat outside commands on right interface
3) configure nat overload: ip nat inside source list 10 interface XX where XX is the id of outside interface.
Hope this is clear enough.
To verify just do a ping from one machine in the LAN to an internet address and then : show ip nat translation ---> you should see an entry for your ping
Regards.
alain.
02-17-2011 06:41 AM
this is the static IP provided by ISP 117.240.230.96 to 112.
117.240.230.98 is the gateway provided by ISP,
this is what we have created
# Int fa0/0
# ip address 117.240.230.96 255.0.0.0
#no shut
# exit
#Iint fa0/0
# ip nat outside
# exit
#int fa0/1
#ip address 172.16.1.1 255.255.0.0
#no shut
# exit
#int fa0/1
# ip nat inside
#exit
#access list 100 permit 172.16.0.0 0.0.255.255
when we type this we have error
and can u correct the error and tell how to config overlaod
02-17-2011 07:13 AM
Hi,
# Int fa0/0
# ip address 117.240.230.96 255.0.0.0
Your mask means you are supernetting so you should ask your ISP the mask but at a minimum it will be /24 ( 255.255.255.0)
The ISP gave you a range og 17 IPs so I would presume the mask should more than probably be greater than /24 and it
could be a /29( 255.255.255.248)
You don't have to exit from interface and then renter to configure nat inside/outside
#access list 100 permit 172.16.0.0 0.0.255.255
when we type this we have error
You are configuring an extended ACL because the number is >= 100 and so the syntax asks you to enter ip or tcp or udp or icmp,etc
after the acl permit or deny clause and furthermore you need to specify a dest address.
If you want to d simple nat overload then use a standard ACL
access-list 10 permit 172.16.0.0 0.0.255.255
Then for the overload:
ip nat inside source list 10 interface f0/0
Regards.
Alain.
06-28-2018 03:02 AM - edited 06-28-2018 03:34 AM
Hi,
I just follow all the step but no internet, I can ping the ISP gateway but I cannot ping the computer in the network! from the computer in network I can ping the router port (local gateway).
Any advice? is there any problem with ACL?
Bellow the result of Sh run
Angola#sh run
Building configuration...
Current configuration : 1465 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Angola
!
boot-start-marker
boot-end-marker
!
aaa session-id common
!
dot11 syslog
ip source-route
no ip routing
!
!
no ip cef
!
!
!
ip domain name XXXX.org
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FHK1131F1C9
username XXXX password 0 XXXX
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 160.242.20.XX 255.255.255.248
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
no ip route-cache
shutdown
clock rate 2000000
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
line con 0
line aux 0
line vty 0 4
password XXXXX
transport input ssh
!
scheduler allocate 20000 1000
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide