Multiple dynamic NAT Pools?

Answered Question
Oct 5th, 2007

Hi all:


I've got a bit of a dilemma that I'm hoping you can help me solve.


I've got a list of outside IP addresses that I'd like to put into a NAT pool. Here's the problem - the pool is currently set up with PAT to a single IP, and I need to expand the pool. The real issue is that I can't use the IPs in line right after it due to them being in use, so I have to grab some from a lower number. How would I go about doing this? My attempts so far have been on a test router (luckily) so I can get to play with this.


My config currently looks like this (on a 2651 router - IP addresses changed):


interface FastEthernet0/0
 description To PIX
 ip address 10.0.95.9 255.255.255.240
 ip nat inside
 ip route-cache flow
 speed 100
 full-duplex
!
!
interface FastEthernet0/1
 description INTERNET
 bandwidth 10000
 ip address 10.0.41.194 255.255.255.224
 ip access-group 101 in
 ip nat outside
 ip route-cache flow
 speed 10
 full-duplex

ip nat pool TEST 10.0.41.194 10.0.41.194 netmask 255.255.255.224
ip nat inside source list 102 pool TEST overload

access-list 101 permit <hosts>
access-list 102 permit ip any any
access-list 102 permit icmp any any


I realize the overload needs to be removed, and that the ACL will need to be updated, but that's in production at the moment.


I'm looking to use the range 10.0.41.208 - 10.0.41.212 in the second dynamic pool (if I can do it).


Any ideas?


Thanks in advance!

whilenski Mon, 10/08/2007 - 05:39

Since there are no replies to this, I'm wondering if this is even doable.


Any input is appreciated.

Correct Answer
rebecca.richards Mon, 10/08/2007 - 21:26

Hi,


I've had a look at how we've configured NAT on our router.


One thing I've found is that you can have multiple "address" statements within a NAT pool:


ip nat pool BLAH prefix-length 24
 address 192.168.1.1 192.168.1.100
 address 192.168.1.200 192.168.14.254
!


In this case, we're not really doing PAT, but 1:1 dynamic natting.


Hope this sparks an idea for you!


- bec
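
The multi-range pool from the answer, applied to the addresses in the question. This is an added example, not configuration posted by either participant. It assumes the pool name TEST, ACL 102 and the /27 mask from the question, and keeps `overload` as in the line currently in production.

```cisco
! Added example: constructed from the addresses in the question.
! Run on the test router. A pool or mapping with active translations
! cannot be removed, so clear the dynamic entries first (exec mode).
clear ip nat translation *
!
configure terminal
!
! Remove the mapping before the pool it references.
no ip nat inside source list 102 pool TEST overload
no ip nat pool TEST
!
! Redefine the pool in multi-line form. Each "address" line is one
! contiguous range; the ranges need not be adjacent, but all of them
! sit inside the outside subnet 10.0.41.192/27.
ip nat pool TEST netmask 255.255.255.224
 address 10.0.41.194 10.0.41.194
 address 10.0.41.208 10.0.41.212
 exit
!
! "overload" keeps PAT across the six pool addresses. Without it the
! translation is one-to-one dynamic NAT, as in the answer, and the pool
! serves at most six inside hosts at a time.
ip nat inside source list 102 pool TEST overload
!
end
!
! ACL 101 is applied inbound on FastEthernet0/1. Its entries are elided
! on the page, so they are not reproduced here; return traffic addressed
! to 10.0.41.208 - 10.0.41.212 has to be permitted by it.
!
! Confirm that both ranges are listed under the pool and that new
! translations draw from them.
show ip nat statistics
show ip nat translations
```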

whilenski Tue, 10/09/2007 - 03:42

Hi Bec,


Thanks for the heads up on that usage! I'll have to try it out and see if I can use it.


Walter

whilenski Tue, 10/09/2007 - 06:42

Thanks Bec!


That resolved my issue (once I figured my ACL 101 was blocking some IPs I had).


Walter
