Configuring 2811 router with two private IP's

Answered Question
Jul 11th, 2008

I have a scenario where my ISP is providng only private IP(192.168.x.x) with a gateway(192.168.x.x) and a dns server(public). I have an internal LAN with IP's in the range 172.16.x.x. Is it possible to configure my ISP's IP address on fa0/0 and my internal IP address on fa0/1 ? Will the clients in the internal netwrok be able to access internet ?

I have this problem too.
0 votes
Correct Answer by Richard Burts about 8 years 5 months ago

Abraham

This is certainly possible on the 2811 to translate addresses even when both addresses are in the private address range. In fact for translation it really does not matter whether the address ranges are private or public. Your config might look something like this:

interface fast0/0

ip nat outside

interface fast0/1

ip nat inside

access-list 50 permit 172.16.1.0 0.0.0.255

ip nat inside source list 50 interface fast0/0 overload

HTH

Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Fri, 07/11/2008 - 10:41

Abraham

There is an issue that usually comes up when you connect a router to an ISP. The issue is that the ISP must have a route to the address space inside your network. This is true whether the ISP is assigning you a public address for the interface connecting to them (the usual case) or is assigning a private address for that interface (this is your case). The common way to solve that issue is to translate your inside addresses into the address space assigned to you by the ISP. So if you translate your 172.16.x.x addresses into the 192.168.x.x addresses then your users should be able to access the Internet.

It may also be possible to negotiate with the ISP and have them route your 172.16.x.x addresses to you. In that case your users would be able to access the Internet without address translation (actually the ISP will be translating addresses for Internet access).

If you do not do one of these alternatives then I do not see how your users would be able to access the Internet.

HTH

Rick

libuvar08 Fri, 07/11/2008 - 12:04

Rick,

I like to go with the first solution you proposed in which case my internal LAN 172.16.x.x address will be translated to 192.168.x.x. But is this possible with Cisco 2811 routers since both address are in the private IP range ? If yes how should the routing table look like ?

The actual scenario's is as below

External IP on fe0/0

IP : 192.168.128.101

Subnet : 255.255.255.0

Gateway : 192.168.128.100

DNS: 85.x.x.x

Internal IP on fe0/1

IP: 172.16.1.1

Subnet : 255.255.255.0

I have done this using ISA server with two interface cards and it works fine but I am not sure with the CISCO 2800 series routers.

Correct Answer
Richard Burts Fri, 07/11/2008 - 12:55

Abraham

This is certainly possible on the 2811 to translate addresses even when both addresses are in the private address range. In fact for translation it really does not matter whether the address ranges are private or public. Your config might look something like this:

interface fast0/0

ip nat outside

interface fast0/1

ip nat inside

access-list 50 permit 172.16.1.0 0.0.0.255

ip nat inside source list 50 interface fast0/0 overload

HTH

Rick

Actions

This Discussion