I have a Cisco 2821 Router. Its ethernet Interface(E1) is connected to an ISP's Gateway.The outside interface IP is 207.x.x.1
The ISP has given 6 public IPs (202.x.x.1- 202.x.x.6) to use in LAN.
I have configured the router`s Internal Interface(E0) with a public IP address. (i.e. 202.x.x.1)
My Internal LAN PCs are in a private range of 192.168.1.0/24 subnet. Now I wanted my PC users to access the Internet while the Routers public IP remains on internal interface. How can I do the same?
PAT is your solution.
ip nat pool globalnet 202.x.x.2 202.x.x.6 netmask
ip nat inside source list
ip nat inside
ip add 202.x.x.1
ip nat outside
PS: Please rate helpful post...
Here on the webinterface facing ISP should I use 202.x.x.1 (i.e. one of the public LAN IP) or the Point-to-Point IP given by ISP network (207.x.x.1)?
As if I will use 202.x.x.1 as outside wan interface IP then how will it connect to 207.x.x.x network of ISP?
Sandip, can you please answer the following questions:
a) Are you aware that you do not need any of the 6 public IPs if all you want is allow your internal users, on the 192.168.1.0/24 subnet, to have access to the Internet?
b) Do you have internal servers that you would like the Internet to have access to them, like web, ftp, email, etc. ?
c) Can you explain your logic for needing the 6 public IPs ?
Yes, I have few internal servers(around 3) which I would like the internet to access.
Also, I want to give shared internet to around 10 users on the LAN, which I guess require 1 more public IP.
Also,in future this may increased so there are 6 IPs allotted from ISP for use in LAN.
But I am not sure how to configure /30 WAN subnet to ISP and /29 subnet (Public LAN IPs) with private IP range (192.168.1.0/24) PCs and servers on LAN on my router...
Having a different subnets for WAN and LAN is not a problem....
let the WAN inetrface be the same as defined /30.
You can have the LAN interface connected to the router in 192.range itself.
You can do PAT for the inside LAN hosts with one public IP and for server you can do a static NAT one to one or you can leave as it as in general PAT. You can keep the remaining public ip for future use.
refer the below document for better understanding.
thanks,, I got it now.
So, it is /30 IP on ISP interface and private ip on router`s LAN side interface.
With PAT (1 of thPublic LAN /29 range IP to Private IPs) for outgoing internet access
Static NAT (public lan IP /29 - private IP) for inbound server access...