cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
630
Views
0
Helpful
2
Replies

NAT inside global question

markjwalmsley
Level 1
Level 1

Hi

Quick question does the inside global NAT address have to be in the same subnet as the outside interface address or can it be a totally different publicly routed IP address, as long as there is a route back to it?

Cheers

M

1 Accepted Solution

Accepted Solutions

jonathanaxford
Level 3
Level 3

Hi,

My understanding is that the inside global address is a publicly assigned IP address that generally sits on the outside interface of a router that is provising internet access. This is the address that represents your enterprise on the internet as far as those outside the enterprise are concerned.

In terms of your question, you can have different publicly routable IP addresses defined as inside local addresses without the addresses being on the asme subnet, as long as the addresses can be routed to correctly. We use a similar setup whereby we have addresses in three different public ranges which are all used to NAT various services, but only one address from one of the range is actually physically configured on our outside interface.

I hope this helps,

Jonathan

View solution in original post

2 Replies 2

jonathanaxford
Level 3
Level 3

Hi,

My understanding is that the inside global address is a publicly assigned IP address that generally sits on the outside interface of a router that is provising internet access. This is the address that represents your enterprise on the internet as far as those outside the enterprise are concerned.

In terms of your question, you can have different publicly routable IP addresses defined as inside local addresses without the addresses being on the asme subnet, as long as the addresses can be routed to correctly. We use a similar setup whereby we have addresses in three different public ranges which are all used to NAT various services, but only one address from one of the range is actually physically configured on our outside interface.

I hope this helps,

Jonathan

Thanks for the info Jonathan,