Multiple dynamic NAT Pools?

whilenski
Level 1

Hi all:

I've got a bit of a dilemma that I'm hoping you can help me solve.

I've got a list of outside IP addresses that I'd like to put into a NAT pool. Here's the problem - the pool is currently set up with PAT to a single IP, and I need to expand the pool. The real issue is that I can't use the IPs in line right after it due to them being in use, so I have to grab some from a lower number. How would I go about doing this? My attempts so far have been on a test router (luckily) so I can get to play with this.

My config currently looks like this (on a 2651 router - IP addresses changed):

interface FastEthernet0/0
 description To PIX
 ip address 10.0.95.9 255.255.255.240
 ip nat inside
 ip route-cache flow
 speed 100
 full-duplex
!
!
interface FastEthernet0/1
 description INTERNET
 bandwidth 10000
 ip address 10.0.41.194 255.255.255.224
 ip access-group 101 in
 ip nat outside
 ip route-cache flow
 speed 10
 full-duplex

ip nat pool TEST 10.0.41.194 10.0.41.194 netmask 255.255.255.224
ip nat inside source list 102 pool TEST overload
access-list 101 permit <hosts>
access-list 102 permit ip any any
access-list 102 permit icmp any any

I realize the overload needs to be removed, and that the ACL will need to be updated, but that's in production at the moment.

I'm looking to use the range 10.0.41.208 - 10.0.41.212 in the second dynamic pool (if I can do it).

Any ideas?

Thanks in advance!

1 Accepted Solution


Hi,

I've had a look at how we've configured NAT on our router.

One thing I've found is that you can have multiple "address" statements within a NAT pool:

ip nat pool BLAH prefix-length 24
 address 192.168.1.1 192.168.1.100
 address 192.168.1.200 192.168.14.254
!

In this case, we're not really doing PAT, but 1:1 dynamic natting.

Hope this sparks an idea for you!

- bec

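An added example, not part of the original thread or of either poster's router configuration: a small Python helper that checks that a set of non-contiguous ranges, such as the 10.0.41.194 and 10.0.41.208 - 10.0.41.212 addresses from the question, fits inside one prefix length, then renders the multi-"address" pool stanza described above. The function name and the validation rules are assumptions made for this example.

```python
import ipaddress


def build_nat_pool(name, prefix_len, ranges):
    """Validate address ranges and render an IOS 'ip nat pool' stanza.

    Hypothetical helper. Sanity rules assumed for this example: start <= end,
    all ranges inside one subnet of prefix_len, no network or broadcast
    address, and no overlap between ranges.
    Returns (config_text, address_count).
    """
    if not ranges:
        raise ValueError("at least one address range is required")
    parsed = sorted(
        (ipaddress.IPv4Address(s), ipaddress.IPv4Address(e)) for s, e in ranges
    )
    # The subnet is derived from the lowest start address and the prefix length.
    subnet = ipaddress.ip_network(f"{parsed[0][0]}/{prefix_len}", strict=False)
    prev_end = None
    for start, end in parsed:
        if start > end:
            raise ValueError(f"{start} {end}: start is above end")
        if start not in subnet or end not in subnet:
            raise ValueError(f"{start} {end}: not inside {subnet}")
        if start == subnet.network_address or end == subnet.broadcast_address:
            raise ValueError(f"{start} {end}: includes network/broadcast address")
        if prev_end is not None and start <= prev_end:
            raise ValueError(f"{start} {end}: overlaps the previous range")
        prev_end = end
    lines = [f"ip nat pool {name} prefix-length {prefix_len}"]
    lines += [f" address {s} {e}" for s, e in parsed]
    total = sum(int(e) - int(s) + 1 for s, e in parsed)
    return "\n".join(lines), total


if __name__ == "__main__":
    # Ranges from the question: the current PAT address plus .208 - .212,
    # all inside the /27 (255.255.255.224) of the outside interface.
    config, count = build_nat_pool(
        "TEST", 27,
        [("10.0.41.194", "10.0.41.194"), ("10.0.41.208", "10.0.41.212")],
    )
    print(config)
    print(f"! {count} addresses in pool")
```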

4 Replies

whilenski
Level 1

Since there are no replies to this, I'm wondering if this is even doable.

Any input is appreciated.

Hi Bec,

Thanks for the heads up on that usage! I'll have to try it out and see if I can use it.

Walter

Thanks Bec!

That resolved my issue (once I figured my ACL 101 was blocking some IPs I had).

Walter
