Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4065
Views
0
Helpful
5
Replies

Public IP behind the NAT

Go to solution
Nick Sinyakov
Level 1
Level 1

‎04-16-2012 05:12 PM - edited ‎03-07-2019 06:10 AM

Hi guys,

I'd like to allow 1 client to have public IP in local network. Currently we have few public IPs, but only 1 (a.a.a.a) is in use for NAT.

What should I change in config and how to setup Client PC for public IP (what gateway should I put)?

ip nat pool 1IP c.c.c.c c.c.c.c netmask 255.255.255.252

ip nat inside source list 1 pool 1IP

ip nat inside source list NAT_INTERNET interface GigabitEthernet0/0/0 overload

ip access-list extended NAT_INTERNET

permit IP any any

access-list 1 permit ip any any

ip route 0.0.0.0 0.0.0.0 b.b.b.b

interface GigabitEthernet0/0/0

description $ETH-WAN$

ip address a.a.a.a 255.255.255.224

ip nat outside

Many thanks,

Nick

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7
In response to kamran_Roostaee

‎04-17-2012 10:23 PM

Hi Nick ,

If you want the second router to have an interface with an public IP address then you should connect it as the first router, that is to the Internet Provider and the gateway should be the provider's eqipment.

In order to accommodate the second router you will need a switch : the link from the provider will be conected to this switch , and also both internet routers owned by you .

Dan

View solution in original post

0 Helpful
5 Replies 5

Go to solution
kamran_Roostaee
Level 1
Level 1

‎04-17-2012 05:29 AM

If you want to allow one of your client to connect to internet and have public IP you can:

1- you router have at least 2 port, one of them is connected to LAN (I call it LAN_Interface)and another is connected to WAN (I call it WAN_Interface)

2- Gateway of your clients is LAN_Interface and clients and LAN_Interface should be in same subnet

3- define LAN_Interface as NAT inside interface with adding "ip nat inside" bellow LAN_Interface subcommand

4- define WAN_Interface as NAT outside interface with adding "ip nat outside" bellow WAN_Interface subcommand

5- Define Access-list that match client for which NAt should be performed

6- Configure NAT to use  WAN_Interface ip address as public IP address with "ip nat source list [access-list] interface [WAN-Interface] overload"

In your configuration there is no need to "ip nat pool" and "ip nat inside ..." is enough, you should add "ip nat inside" under you lan interface too

0 Helpful

Go to solution
Nick Sinyakov
Level 1
Level 1
In response to kamran_Roostaee

‎04-17-2012 02:39 PM

Thanks Kamran for reply.

All steps already completed and all clients in my network have internet (one IP address).

But I'd like to connect another router to switch (So I will have Internet -> Router -> Switch -> Router, because there are no free ports on first router) and assign anouther our public IP. After that perform tests with Site-to-Site VPN between new Router with new IP and different router via internet.

0 Helpful

Go to solution
kamran_Roostaee
Level 1
Level 1
In response to Nick Sinyakov

‎04-17-2012 09:33 PM

Ok this problem is different, your problem is not clear to me but I guess you have one of following problem:

1- you want to use 2 routers as one clien or all clients gateway: this means that you should use gateway redundancy protocols such as HSRP or VRRP or GLBP, that you define a single virtual address as all client gateway to use both router as gateway. In this situation if you want to set outgoing router for a specific client you should put that client in another vlan and define a client as a member of a group to use second router as outgoing path. NAT configuration on second router iis same as first router.

2- you want to use client as a VPN server and dont want to use site to site VPN on router: if you want to use a client as VPN server, you can not use router ip address as this server public IP address and should change router interface IP address to private and use static NAT for VPN server

ps.In above cases, I assume that your routers are connected to different ISPs

0 Helpful

Go to solution
Dan-Ciprian Cicioiu
Level 7
Level 7
In response to kamran_Roostaee

‎04-17-2012 10:23 PM

Hi Nick ,

If you want the second router to have an interface with an public IP address then you should connect it as the first router, that is to the Internet Provider and the gateway should be the provider's eqipment.

In order to accommodate the second router you will need a switch : the link from the provider will be conected to this switch , and also both internet routers owned by you .

Dan

0 Helpful

Go to solution
Nick Sinyakov
Level 1
Level 1
In response to Dan-Ciprian Cicioiu

‎04-29-2012 07:28 PM

Thanks Dan,

I've connected second router to the ISP's router in free port. Works good.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card