cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2572
Views
0
Helpful
4
Replies
Highlighted
Beginner

ISP Configuration

Hello

I am setting up a network for a client with a small time ISP.

The only information provided by this ISP is the public IP address (XXX.XX.XXX.251) /24 Subnet and a default gateway (XXX.XX.XXX.1)

I have a Cisco ISR 4331 that I need to configure for WAN on INT GI0/0/0.

My question mainly is this possible with only this info, the router connects directly to port 7 on a microtek cloud router.

The clients private LAN is bound to INT GI0/0/1 and is subnetted a few times.

Any information regarding configuring this would be greatly appreciated as this is the first time I have had this issue and cannot find any info relating to this at all.

I have tried configuring different kinds of NAT but nothing works. I am also sure setting the IP address of GI0/0/0 as the public IP is wrong but I have no other info to go on.

Thanks

Adam


int Gi0/0/1
no ip address
no shutdown
int Gi0/0/1.50
encapsulation dot1Q 50
ip address 10.10.0.254 255.255.255.0
ip helper-address 10.10.4.2 (DNS server)
exit
int Gi0/0/1.60
encapsulation dot1Q 60
ip address 10.10.1.254 255.255.255.0
exit
int Gi0/0/1.70
encapsulation dot1Q 70
ip address 10.10.2.254 255.255.255.0
ip helper-address 10.10.4.2
exit
int Gi0/0/1.90
encapsulation dot1Q 90
ip address 10.10.4.254 255.255.255.0
exit
int Gi0/0/1.100
encapsulation dot1Q 100
ip address 10.10.5.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1
int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
no shutdown


1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Expert

Adam,

I am pretty sure the Microtek is doing the NAT. Can you access that device and put it in bridge mode ? If that succeeds, you can NAT on the 4331, the config would then look like this:

int Gi0/0/1
no ip address
no shutdown
int Gi0/0/1.50
encapsulation dot1Q 50
ip address 10.10.0.254 255.255.255.0
ip helper-address 10.10.4.2 (DNS server)
ip nat inside
!
int Gi0/0/1.60
encapsulation dot1Q 60
ip address 10.10.1.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.70
encapsulation dot1Q 70
ip address 10.10.2.254 255.255.255.0
ip helper-address 10.10.4.2
ip nat inside
!
int Gi0/0/1.90
encapsulation dot1Q 90
ip address 10.10.4.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.100
encapsulation dot1Q 100
ip address 10.10.5.254 255.255.255.0
ip nat inside
!
int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
ip nat outside
!

ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1

!
ip nat inside source route-map NAT interface GiagbitEthernet0/0/0 overload
!
route-map NAT permit 10
match ip address 100
match interface GigabitEthernet0/0/0
!
access-list 100 permit ip 10.10.0.0 0.0.7.255

If that doesn't work, or if you cannot configure the Microtek for bridge mode, set your GigabitEthernet0/0/0 to dhcp

int Gi0/0/0
ip address dhcp
ip nat outside

and change the default route to:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

View solution in original post

4 REPLIES 4
Highlighted
Beginner

hai

you give the ip nat inside to subinterfases also 

ex

Gi 0/0/0.10

ip nat inside  to other subinterfaces

Highlighted
VIP Expert

Adam,

I am pretty sure the Microtek is doing the NAT. Can you access that device and put it in bridge mode ? If that succeeds, you can NAT on the 4331, the config would then look like this:

int Gi0/0/1
no ip address
no shutdown
int Gi0/0/1.50
encapsulation dot1Q 50
ip address 10.10.0.254 255.255.255.0
ip helper-address 10.10.4.2 (DNS server)
ip nat inside
!
int Gi0/0/1.60
encapsulation dot1Q 60
ip address 10.10.1.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.70
encapsulation dot1Q 70
ip address 10.10.2.254 255.255.255.0
ip helper-address 10.10.4.2
ip nat inside
!
int Gi0/0/1.90
encapsulation dot1Q 90
ip address 10.10.4.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.100
encapsulation dot1Q 100
ip address 10.10.5.254 255.255.255.0
ip nat inside
!
int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
ip nat outside
!

ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1

!
ip nat inside source route-map NAT interface GiagbitEthernet0/0/0 overload
!
route-map NAT permit 10
match ip address 100
match interface GigabitEthernet0/0/0
!
access-list 100 permit ip 10.10.0.0 0.0.7.255

If that doesn't work, or if you cannot configure the Microtek for bridge mode, set your GigabitEthernet0/0/0 to dhcp

int Gi0/0/0
ip address dhcp
ip nat outside

and change the default route to:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

View solution in original post

Highlighted

Thank you Georg that was what I needed, Cheers!

Setting 'ip nat inside' on each sub int and doing the following on Gi0 made is possible to ping ISP DG.

int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
ip nat outside
!

ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1

!
ip nat inside source route-map NAT interface GiagbitEthernet0/0/0 overload
!
route-map NAT permit 10
match ip address 100
match interface GigabitEthernet0/0/0
!
access-list 100 permit ip 10.10.0.0 0.0.0.255

Highlighted

Hi ,

If your service provider is doing Natting at ISP level..then you don't need anything to but if you are doing the same at your router level..

You may need to do Natting configuration at interface like Nat inside along with acl to map and nat outside.

Have a look on the below link for detailed configuration...

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13773-2.html

Hope it Helps..

-GI

Content for Community-Ad