cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13155
Views
15
Helpful
3
Replies

Subinterface nat/pat on router

sushil
Beginner
Beginner

Curious to know is it possible to nat/pat on cisco routers.

Following is the scheme.

E0: a.b.c.d/28 it is a public interface.

Now E1: will be internal with subinterfaces.

Like E1/0.1- 192.168.10.1/24

and E2/0.2- 172.20.40.1/16

Is it possible to allow these networks to nat/pat with public int.

If yes how.Here want to allow internet on these two different subnets.

Thanks in Advance.

Reg,

Sushil

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

Sushil

Yes you can NAT on subinterfaces

int e0

ip nat outside

int e1/0.1

ip nat inside

int e2/0.2

ip nat inside

access-list 101 permit ip 192.168.10.0 0.0.0.255 any

access-list 101 permit ip 172.20.0.0 0.0.255.255

ip nat inside source list 101 interface e0 overload

Jon

View solution in original post

3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

Sushil

Yes you can NAT on subinterfaces

int e0

ip nat outside

int e1/0.1

ip nat inside

int e2/0.2

ip nat inside

access-list 101 permit ip 192.168.10.0 0.0.0.255 any

access-list 101 permit ip 172.20.0.0 0.0.255.255

ip nat inside source list 101 interface e0 overload

Jon

It solved my problem. Thank you.

pietro.palladino
Beginner
Beginner

Hi to all. I know that this thread is pretty old, but I'll try again in exposing my problem.

First of all, I had the same question and Jon's answer were very helpful.

Actually, my question is different. In the same situation, may I nat the private networks using an IP that isn't the one of the e0 interface?

I've a /29 public range (a.b.c.192/29). My e0 IP address is the 193 and I would like to use the remaining addresses for the NAT overload. The reason is that I need to nat around 1200 users (managed with 2 vlans) with my 2821 and I don't know what could happen with just a single IP.

Yes, I know, more likely the system resources of my router will end first, but I'd like to know if there's a solution to my question.

I tried to apply a variation to the Jon's solution.

I did as he said until the source list, then I defined a NAT-pool using 3 of the remaining public IPs and then I used the pool as follows:

ip nat inside source list 101 pool NAT-POOL overload

but it didn't work. Where is the problem?

Thank you

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: