03-11-2017 02:01 AM - edited 03-08-2019 09:41 AM
Hello
I am setting up a network for a client with a small time ISP.
The only information provided by this ISP is the public IP address (XXX.XX.XXX.251) /24 Subnet and a default gateway (XXX.XX.XXX.1)
I have a Cisco ISR 4331 that I need to configure for WAN on INT GI0/0/0.
My question mainly is this possible with only this info, the router connects directly to port 7 on a microtek cloud router.
The clients private LAN is bound to INT GI0/0/1 and is subnetted a few times.
Any information regarding configuring this would be greatly appreciated as this is the first time I have had this issue and cannot find any info relating to this at all.
I have tried configuring different kinds of NAT but nothing works. I am also sure setting the IP address of GI0/0/0 as the public IP is wrong but I have no other info to go on.
Thanks
Adam
int Gi0/0/1
no ip address
no shutdown
int Gi0/0/1.50
encapsulation dot1Q 50
ip address 10.10.0.254 255.255.255.0
ip helper-address 10.10.4.2 (DNS server)
exit
int Gi0/0/1.60
encapsulation dot1Q 60
ip address 10.10.1.254 255.255.255.0
exit
int Gi0/0/1.70
encapsulation dot1Q 70
ip address 10.10.2.254 255.255.255.0
ip helper-address 10.10.4.2
exit
int Gi0/0/1.90
encapsulation dot1Q 90
ip address 10.10.4.254 255.255.255.0
exit
int Gi0/0/1.100
encapsulation dot1Q 100
ip address 10.10.5.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1
int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
no shutdown
Solved! Go to Solution.
03-11-2017 01:58 PM
Adam,
I am pretty sure the Microtek is doing the NAT. Can you access that device and put it in bridge mode ? If that succeeds, you can NAT on the 4331, the config would then look like this:
int Gi0/0/1
no ip address
no shutdown
int Gi0/0/1.50
encapsulation dot1Q 50
ip address 10.10.0.254 255.255.255.0
ip helper-address 10.10.4.2 (DNS server)
ip nat inside
!
int Gi0/0/1.60
encapsulation dot1Q 60
ip address 10.10.1.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.70
encapsulation dot1Q 70
ip address 10.10.2.254 255.255.255.0
ip helper-address 10.10.4.2
ip nat inside
!
int Gi0/0/1.90
encapsulation dot1Q 90
ip address 10.10.4.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.100
encapsulation dot1Q 100
ip address 10.10.5.254 255.255.255.0
ip nat inside
!
int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1
!
ip nat inside source route-map NAT interface GiagbitEthernet0/0/0 overload
!
route-map NAT permit 10
match ip address 100
match interface GigabitEthernet0/0/0
!
access-list 100 permit ip 10.10.0.0 0.0.7.255
If that doesn't work, or if you cannot configure the Microtek for bridge mode, set your GigabitEthernet0/0/0 to dhcp
int Gi0/0/0
ip address dhcp
ip nat outside
and change the default route to:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
03-11-2017 04:30 AM
hai
you give the ip nat inside to subinterfases also
ex
Gi 0/0/0.10
ip nat inside to other subinterfaces
03-11-2017 01:58 PM
Adam,
I am pretty sure the Microtek is doing the NAT. Can you access that device and put it in bridge mode ? If that succeeds, you can NAT on the 4331, the config would then look like this:
int Gi0/0/1
no ip address
no shutdown
int Gi0/0/1.50
encapsulation dot1Q 50
ip address 10.10.0.254 255.255.255.0
ip helper-address 10.10.4.2 (DNS server)
ip nat inside
!
int Gi0/0/1.60
encapsulation dot1Q 60
ip address 10.10.1.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.70
encapsulation dot1Q 70
ip address 10.10.2.254 255.255.255.0
ip helper-address 10.10.4.2
ip nat inside
!
int Gi0/0/1.90
encapsulation dot1Q 90
ip address 10.10.4.254 255.255.255.0
ip nat inside
!
int Gi0/0/1.100
encapsulation dot1Q 100
ip address 10.10.5.254 255.255.255.0
ip nat inside
!
int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1
!
ip nat inside source route-map NAT interface GiagbitEthernet0/0/0 overload
!
route-map NAT permit 10
match ip address 100
match interface GigabitEthernet0/0/0
!
access-list 100 permit ip 10.10.0.0 0.0.7.255
If that doesn't work, or if you cannot configure the Microtek for bridge mode, set your GigabitEthernet0/0/0 to dhcp
int Gi0/0/0
ip address dhcp
ip nat outside
and change the default route to:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
03-12-2017 12:32 PM
Thank you Georg that was what I needed, Cheers!
Setting 'ip nat inside' on each sub int and doing the following on Gi0 made is possible to ping ISP DG.
int Gi0/0/0
ip address XXX.XX.XXX.251 255.255.255.0
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 XXX.XX.XXX.1
!
ip nat inside source route-map NAT interface GiagbitEthernet0/0/0 overload
!
route-map NAT permit 10
match ip address 100
match interface GigabitEthernet0/0/0
!
access-list 100 permit ip 10.10.0.0 0.0.0.255
03-12-2017 04:42 AM
Hi ,
If your service provider is doing Natting at ISP level..then you don't need anything to but if you are doing the same at your router level..
You may need to do Natting configuration at interface like Nat inside along with acl to map and nat outside.
Have a look on the below link for detailed configuration...
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13773-2.html
Hope it Helps..
-GI
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide