Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
0
Helpful
3
Replies

NAT options in an existing environment

Go to solution
James Simpson
Level 1
Level 1

‎11-20-2013 08:26 AM - edited ‎03-07-2019 04:42 PM

          Hi

I have an issue, where I have Nat Overload configured

description TO_ISP

ip address 195.113.83.158 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex full

speed 1000

Below is my inside interface

interface GigabitEthernet0/1
description INSIDE
ip address 10.3.0.1 255.255.255.192
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

Here is the rest of my NAT config

ip nat inside source list NAT-LIST interface GigabitEthernet0/0 overload

        permit ip 10.3.0.0 0.0.0.255 any

        permit ip 10.3.1.0 0.0.0.255 any

        permit ip 10.3.2.0 0.0.0.255 any

        permit ip 10.3.3.0 0.0.0.255 any

        permit ip 10.3.4.0 0.0.0.255 any

        permit ip 10.3.5.0 0.0.0.255 any

        permit ip 10.3.6.0 0.0.0.255 any

        permit ip 10.3.20.0 0.0.0.255 any

        permit ip 10.3.8.0 0.0.1.255 any 

        permit ip 10.3.255.0 0.0.0.255 any 

        permit ip 10.3.254.0 0.0.0.255 any

        permit ip 10.3.253.0 0.0.0.255 any

        permit ip 192.168.102.0 0.0.0.255 any

        permit ip 10.3.251.0 0.0.0.255 any

        permit ip 10.3.252.0 0.0.0.255 any

  

I have an issue where I have a department that now want to have their own public IP so they can whitelist it.

I have Nat configured using one public address using overload. I have acquired somoe more Pub IP's from The ISP.

Without having to restructure the whole way that I do the NATing.Is there a way I can configure NAT on the router with new public IP's

without disrupting the original config.

Would creating sub interfaces on the outside or is there any alternative method

Thanks in advance
  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to James Simpson

‎11-20-2013 12:21 PM

James

Shouldn't matter whether they are from the same subnet or not, the ISP should still route them to your router as they have assigned them to you.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎11-20-2013 08:38 AM

James

You don't need subinterfaces because the ISP will route those new IPs to your router anyway so the addresses don't neeed to be assigned to an interface. So lets say the 10.3.1.0/24 dept needs it's own IP -

new public IP to be used 195.10.10.1

remove 10.3.1.0 from the existing NAT acl

access-list 101 permit ip 10.3.1.0 0.0.0.255 any  (note you can use a named acl if you want)

ip nat pool <-- you may want something meaningful to the dept here> 195.10.10.1 195.10.10.1 netmask 255.255.255.252

ip nat inside source list 101 pool overload

That should do it. Bear in mind when you add this config you will need to clear any existing NAT translations for the 10.3.1.x network.

Jon

0 Helpful

Go to solution
James Simpson
Level 1
Level 1
In response to Jon Marshall

‎11-20-2013 11:46 AM

Hi Jon

Thank you for the response.

The new public addreses that I have been given are not on the same subnet as The public address I have on the outside interface.

Will the ISP still route them for me ?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to James Simpson

‎11-20-2013 12:21 PM

James

Shouldn't matter whether they are from the same subnet or not, the ISP should still route them to your router as they have assigned them to you.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card