Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
5
Helpful
5
Replies

Setting up NAT

jp.ward16
Level 1
Level 1

‎06-01-2015 06:51 AM - edited ‎03-08-2019 12:17 AM

Is it possible to setup NAT using the Interface for the Global Outside portion of the NAT Setup?

All ports to be Ethernet:

My setup (non-specific):

2 VLANS (192.168.1.0 ~ 192.168.2.0 /24):

1 VLAN - Wired 96 ports

1 VLAN - Wireless 2x 3702e (50 clients total)

trunk ports (for for each AP)

 

I do not know what the outside addressing is at the time of programming. Is this possible? Would you be able to provide an example of the programming?

 

 

 

Labels:
0 Helpful
5 Replies 5

Jon Marshall
Hall of Fame
Hall of Fame

‎06-01-2015 06:55 AM

What device ie. router or firewall.

If ASA what code version.

In answer to your general question yes you can use the interface without knowing the IP address but we need to understand what you are doing it on.

Jon

0 Helpful

jp.ward16
Level 1
Level 1
In response to Jon Marshall

‎06-01-2015 07:17 AM

Jon,

 

The device is a 2911 router with IOS 15.4(3) M1 Security bundle and 2x EHWIC-D-8ESG adapters for a total of 16 Gigabit switch ports. A 2504 WLC with 7.6 release and  two 3703e WAP.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to jp.ward16

‎06-01-2015 07:35 AM

Okay, the basic configuration is in that link provided but to put it simply it would be -

1) define your inside and outside interfaces on the router using "ip nat inside" and "ip nat outside".

2) define your acls. I use extended acls because they have always worked for me. So for each subnet you would need to include that in your acl eg.

access-list 101 permit ip 192.168.10.0 0.0.0.255 any

do not use "any" as the source IPs.

If you use a standard acl as in the link again do not use "any".

3) tie it all up with your NAT statement eg.

ip nat inside source list 101 interface <x/y> overload

the interface in the above will be the one with "ip nat outside" configured on it.

Hopefully that should get it working but if you have any problems then come back.

Jon

jp.ward16
Level 1
Level 1
In response to Jon Marshall

‎06-01-2015 07:40 AM

Jon & devils_advocate,

 

Thank you for your insight to my question.

 

0 Helpful

devils_advocate
Level 7
Level 7

‎06-01-2015 06:57 AM

As long as you know the internal IP subnets and the name of the physical interface what the WAN connection plugs into, you can setup NAT without knowing the Public IP address.

See here:

http://evilrouters.net/2009/07/09/configuring-basic-nat-with-overloading/

Obviously it will not work without the WAN connection online and working but you can get the setup done. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card