NAT of PUBLIC IP in Cisco 800

Unanswered Question
Dec 1st, 2008

Hi All,

i'm running Cisco 800 with 3 public IP that i'v bought from my ISP, 2 are in the same subnet, and the third one is in different subnet.

this is my Network :

LAN ----> Firewall---> Cisco800--->Internet

in the inside i have make a network with the 2 IP adresses that are in the same subnet. in the outside of the router i have configured the third one that is in different classe.

the router can connect to internet, but my LAN can not connect to internet.

i think i have problems in NAT, someone have configured this before ?

Please Help.

Thanks & Regards.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Mon, 12/01/2008 - 09:00

Most likely is your NAT configuration, who is doing NATing the router or your firewall?

If firewall is NATing what type PIX/ASA? can you post sanatized config for firewall.



mannschaft Mon, 12/01/2008 - 09:17

Hi Jorge,

i have Symantec Firewall, i'm not experiensed with this firewall so another guy will work on it, he is just asking to configure NAT on the router. so at first he will configure on the outside interface of the firewall this kinda IP : and i will configure in the Inside interface of the Router this IP : thos 2 IP are Public and we have bought from our ISP.

at the Outside of the router i will configure this public IP :

this IP will serve to connect to internet. as you can see Lan between the router and the firewall is in different subnet as the outside interface of the router. so what can i configure as NAT in the router to make the outside interface of the firewall and the LAN connected to internet.

Thanks in advance.

JORGE RODRIGUEZ Mon, 12/01/2008 - 10:30

Ok , what model 800 are u using, I want to see the specs.

LAN- <-->

Then 800Router-outside>

is the above correct?

on router you would probably have a default route to 46.254.230.x which is upstream ISP router so perhaps you do not need to do the NATing on the router but have the fw do the natting since your fw outside interface has public IP.

I would in fw have a default route pointing to, and from fw PAT your inside LAN against your FW outside interface.

Does it makes sence?




This Discussion