I have an issue, where I have Nat Overload configured
ip address 18.104.22.168 255.255.255.252
ip nat outside
Below is my inside interface
ip address 10.3.0.1 255.255.255.192
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
Here is the rest of my NAT config
ip nat inside source list NAT-LIST interface GigabitEthernet0/0 overload
permit ip 10.3.0.0 0.0.0.255 any
permit ip 10.3.1.0 0.0.0.255 any
permit ip 10.3.2.0 0.0.0.255 any
permit ip 10.3.3.0 0.0.0.255 any
permit ip 10.3.4.0 0.0.0.255 any
permit ip 10.3.5.0 0.0.0.255 any
permit ip 10.3.6.0 0.0.0.255 any
permit ip 10.3.20.0 0.0.0.255 any
permit ip 10.3.8.0 0.0.1.255 any
permit ip 10.3.255.0 0.0.0.255 any
permit ip 10.3.254.0 0.0.0.255 any
permit ip 10.3.253.0 0.0.0.255 any
permit ip 192.168.102.0 0.0.0.255 any
permit ip 10.3.251.0 0.0.0.255 any
permit ip 10.3.252.0 0.0.0.255 any
I have an issue where I have a department that now want to have their own public IP so they can whitelist it.
I have Nat configured using one public address using overload. I have acquired somoe more Pub IP's from The ISP.
Without having to restructure the whole way that I do the NATing.Is there a way I can configure NAT on the router with new public IP's
without disrupting the original config.
Would creating sub interfaces on the outside or is there any alternative method
Thanks in advance
Solved! Go to Solution.
You don't need subinterfaces because the ISP will route those new IPs to your router anyway so the addresses don't neeed to be assigned to an interface. So lets say the 10.3.1.0/24 dept needs it's own IP -
new public IP to be used 22.214.171.124
remove 10.3.1.0 from the existing NAT acl
access-list 101 permit ip 10.3.1.0 0.0.0.255 any (note you can use a named acl if you want)
ip nat pool
ip nat inside source list 101 pool
That should do it. Bear in mind when you add this config you will need to clear any existing NAT translations for the 10.3.1.x network.
Thank you for the response.
The new public addreses that I have been given are not on the same subnet as The public address I have on the outside interface.
Will the ISP still route them for me ?