Subinterface nat/pat on router

Answered Question

Curious to know: is it possible to NAT/PAT on Cisco routers?

The scheme is as follows.

E0: a.b.c.d/28, it is a public interface.

Now E1 will be internal, with subinterfaces.

Like E1/0.1 - 192.168.10.1/24

and E2/0.2 - 172.20.40.1/16

Is it possible to allow these networks to NAT/PAT with the public interface?

If yes, how? Here I want to allow internet on these two different subnets.

Thanks in advance.

Regards,

Sushil

Correct Answer by Jon Marshall about 8 years 7 months ago

Jon Marshall Thu, 11/06/2008 - 04:59

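Sushil

Yes, you can NAT on subinterfaces.

! public interface
int e0
 ip nat outside

! internal subinterfaces
int e1/0.1
 ip nat inside

int e2/0.2
 ip nat inside

! inside sources eligible for translation
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 172.20.0.0 0.0.255.255 any

! PAT both subnets behind the address of e0
ip nat inside source list 101 interface e0 overload

Jon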

pietro.palladino Thu, 11/03/2016 - 14:37

Hi to all. I know that this thread is pretty old, but I'll try again to explain my problem.

First of all, I had the same question and Jon's answer was very helpful.

Actually, my question is different. In the same situation, may I NAT the private networks using an IP that isn't the one of the e0 interface?

I have a /29 public range (a.b.c.192/29). My e0 IP address is .193 and I would like to use the remaining addresses for the NAT overload. The reason is that I need to NAT around 1200 users (managed with 2 VLANs) with my 2821 and I don't know what could happen with just a single IP.

Yes, I know, more likely the system resources of my router will run out first, but I'd like to know if there's a solution to my question.

I tried to apply a variation of Jon's solution.

I did as he said up to the source list, then I defined a NAT pool using 3 of the remaining public IPs and then I used the pool as follows:

ip nat inside source list 101 pool NAT-POOL overload

but it didn't work. Where is the problem?

Thank you
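An added example, not part of the original thread: a small Python check for the NAT commands discussed above (the interface-overload rule and the pool variant) that reports references which do not resolve, such as an ACL entry without a destination, an undefined pool, or an overload interface not marked outside. It handles only the command forms shown in this thread; the function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the answer's commands (interface names as typed there).
SAMPLE = """\
int e0
 ip nat outside
int e1/0.1
 ip nat inside
int e2/0.2
 ip nat inside
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 172.20.0.0 0.0.255.255 any
ip nat inside source list 101 interface e0 overload
"""

def parse(config):
    """Collect NAT roles, ACL entries ('source wildcard [dest]' form only), rules, pools."""
    roles, acls, rules, pools, current = {}, {}, [], set(), None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"int(?:erface)?\s+(\S+)$", line):
            current = m.group(1)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[current] = m.group(1)
        elif m := re.match(r"access-list (\d+) permit ip (\S+) (\S+)(?: (\S+))?$", line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := re.match(r"ip nat pool (\S+) ", line):
            pools.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\d+) (interface|pool) (\S+) overload$", line):
            rules.append(m.groups())
    return roles, acls, rules, pools

def check(config):
    """Return findings for NAT rules that cannot work as written (names compared as typed)."""
    roles, acls, rules, pools = parse(config)
    out = []
    if "inside" not in roles.values():
        out.append("no interface marked 'ip nat inside'")
    for acl, kind, target in rules:
        if acl not in acls:
            out.append(f"NAT rule references undefined access-list {acl}")
        for net, _wild, dst in acls.get(acl, []):
            if dst is None:
                out.append(f"access-list {acl} entry for {net} has no destination")
        if kind == "interface" and roles.get(target) != "outside":
            out.append(f"{target} is not marked 'ip nat outside'")
        if kind == "pool" and target not in pools:
            out.append(f"pool {target} is not defined")
    return out
```

Calling `check()` on a saved copy of the configuration returns an empty list when every reference resolves; on the router itself, `show ip nat translations` and `show ip nat statistics` show whether translations are actually being created.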
