Public IP behind the NAT

Nick Sinyakov
Level 1

Hi guys,

I'd like to allow 1 client to have a public IP in the local network. Currently we have a few public IPs, but only 1 (a.a.a.a) is in use for NAT.

What should I change in the config, and how do I set up the client PC for a public IP (what gateway should I put)?

ip nat pool 1IP c.c.c.c c.c.c.c netmask 255.255.255.252
ip nat inside source list 1 pool 1IP
ip nat inside source list NAT_INTERNET interface GigabitEthernet0/0/0 overload

ip access-list extended NAT_INTERNET
 permit IP any any

access-list 1 permit ip any any

ip route 0.0.0.0 0.0.0.0 b.b.b.b

interface GigabitEthernet0/0/0
 description $ETH-WAN$
 ip address a.a.a.a 255.255.255.224
 ip nat outside

Many thanks,

Nick

Accepted Solution

Hi Nick,

If you want the second router to have an interface with a public IP address, then you should connect it the same way as the first router, that is, to the Internet provider, and the gateway should be the provider's equipment.

In order to accommodate the second router you will need a switch: the link from the provider will be connected to this switch, and also both Internet routers owned by you.

Dan

5 Replies

kamran_Roostaee
Level 1

If you want to allow one of your clients to connect to the internet and have a public IP, you can:

1- your router has at least 2 ports: one of them is connected to the LAN (I call it LAN_Interface) and another is connected to the WAN (I call it WAN_Interface)

2- The gateway of your clients is LAN_Interface, and the clients and LAN_Interface should be in the same subnet

3- define LAN_Interface as the NAT inside interface by adding "ip nat inside" below the LAN_Interface subcommand

4- define WAN_Interface as the NAT outside interface by adding "ip nat outside" below the WAN_Interface subcommand

5- Define an access list that matches the clients for which NAT should be performed

6- Configure NAT to use the WAN_Interface IP address as the public IP address with "ip nat source list [access-list] interface [WAN-Interface] overload"

In your configuration there is no need for "ip nat pool"; "ip nat inside ..." is enough. You should add "ip nat inside" under your LAN interface too.
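
The steps above written out as an IOS configuration, extended with a static one-to-one mapping for the single client that should appear as c.c.c.c; this is an added example, not part of the original post. The LAN interface name GigabitEthernet0/0/1, the 192.168.1.0/24 subnet and the client address 192.168.1.50 are assumptions; the WAN interface and the a.a.a.a, b.b.b.b and c.c.c.c placeholders come from the question.

```cisco
! Steps 1-3: LAN side is the NAT inside interface and the clients' gateway.
! Interface name and subnet are assumed for this example.
interface GigabitEthernet0/0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Step 4: WAN side is the NAT outside interface (from the question).
interface GigabitEthernet0/0/0
 description $ETH-WAN$
 ip address a.a.a.a 255.255.255.224
 ip nat outside
!
! Step 5: match only the internal subnet instead of "any any".
ip access-list extended NAT_INTERNET
 permit ip 192.168.1.0 0.0.0.255 any
!
! Step 6: all matched clients share the WAN interface address (PAT).
ip nat inside source list NAT_INTERNET interface GigabitEthernet0/0/0 overload
!
! Added beyond the steps: one client (assumed 192.168.1.50) is mapped
! one-to-one to the spare public address. The client keeps its private
! address and still uses 192.168.1.1 as its gateway.
ip nat inside source static 192.168.1.50 c.c.c.c
!
ip route 0.0.0.0 0.0.0.0 b.b.b.b
```

A static one-to-one mapping makes every port of that client reachable from the internet on c.c.c.c, so the client needs its own inbound filtering (a firewall policy on the router or on the host) before the mapping goes live.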

Thanks Kamran for the reply.

All steps are already completed and all clients in my network have internet (one IP address).

But I'd like to connect another router to the switch (so I will have Internet -> Router -> Switch -> Router, because there are no free ports on the first router) and assign another of our public IPs. After that, perform tests with a Site-to-Site VPN between the new router with the new IP and a different router via the internet.

OK, this problem is different. Your problem is not clear to me, but I guess you have one of the following problems:

1- you want to use 2 routers as the gateway for one client or all clients: this means that you should use gateway redundancy protocols such as HSRP, VRRP or GLBP, where you define a single virtual address as the gateway for all clients in order to use both routers as gateway. In this situation, if you want to set the outgoing router for a specific client, you should put that client in another VLAN and define the client as a member of a group that uses the second router as the outgoing path. The NAT configuration on the second router is the same as on the first router.

2- you want to use a client as a VPN server and don't want to use site-to-site VPN on the router: if you want to use a client as a VPN server, you cannot use the router IP address as this server's public IP address and should change the router interface IP address to private and use static NAT for the VPN server

P.S. In the above cases, I assume that your routers are connected to different ISPs

Thanks Dan,

I've connected the second router to a free port on the ISP's router. Works good.