NAT

Unanswered Question
Nov 7th, 2007

My customer is doing static IPs but is running out of available IP addresses. He wants to utilize a FWSM in a C6513 that is not being used and configure it for NAT to allow more IP addresses - but doesn't want to change his other static IPs. Can they run at the same time? I've only been in enviroments that used NAT exclusively. Will it work if one of his static IPs was placed on the FWSM outside interface to provide more IP addresses?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 11/07/2007 - 23:51

Hi

Can you give an example in terms of addressing. I am a bit confused ie. if he is running out of addresses how will using the FWSM create more ip addresses ?

Jon

jessupmle Thu, 11/08/2007 - 12:27

He would like to use the NAT feature of the FWSM to create more ip addresses. One IP on the outside is translated into a range of IP adddresses on the inside.

My customer gave me one of the last IP addresses he has, which is 192.13.252.115, and wants me to place in on the external interface. He wants that one IP address to translate to a range of IP addresses on the inside (192.168.1.1 to 192.168.1.254 with a Class C subnet). Yet, he is hoping that the other static IPs in the 192.13.252.0 range don't need to be static changed. Since the FWSM is a module, there are no physical interfaces so it uses VLANs. If the outside VLAN is VLAN 5 and the inside VLAN is VLAN 55, will NAT be available on a workstation connected to a port that is on VLAN 55?

Jon Marshall Mon, 12/17/2007 - 23:51

Mark

Sincere apologies for not responding. Sometimes due to pressures of work etc. i lose track of a thread. If this is still a problem i would be more than happy to try and sort this out with you.

I'm still a little unclear as to what you are asking. Yes you can use a single IP address on the outside interface of the FWSM and NAT all the clients on the inside interface to that IP address. What you cannot do with this setup is initiate connections from outside to a client on vlan 55 because there is not static translation set up. But it works fine if the clients on vlan 55 initiate the connection.

Does this answer your question ?

Once again apologies, these forums are usually very helpful.

Jon

Actions

This Discussion