Hi everybody.
I have some questions about NAT.
Let's say we have two valid IP addresses, assigned by my ISP, which are as follows:
I assigned the 22.214.171.124/24 to f0 of Router i.e
I assigned the 2nd IP address 126.96.36.199/24 to loopback int 2
Can I perform the NAT as:
ip address 10.10.10.10/24
ip nat inside
ip address 188.8.131.52/24
ip nat outside
ip nat pool zee 184.108.40.206 220.127.116.11 netmask 255.255.255.0
access-list 10 permit 10.0.0.0 0.255.255.255
ip nat inside source list 10 pool zee overload
(I understand a better idea would be to use the loopback int directly instead of the pool option; this is just for the sake of the concept, bear with me.)
1) Will the router be able to perform NAT given the above config?
2) Is the netmask correctly configured, or should I have used netmask 255.255.255.255?
My concern is that I want to use only IP address 18.104.22.168 for NAT. The netmask 255.255.255.0 might cause the router to believe it has a valid IP range available from 1 to 254.
Thanks a lot.
"But my book says the ip nat pool zee command takes the 1st valid IP and last valid IP, for example if I have the 22.214.171.124/24 block"
Which it will, but 126.96.36.199 is not a valid IP and neither is 188.8.131.52. The router knows this by using the subnet mask. So your book and Peter are in total agreement :-)
Personally I tend to use
ip nat pool zee 184.108.40.206 220.127.116.11 netmask 255.255.255.0
but as Peter says it makes no difference if you use the other one instead.
Your configuration using the NAT pool is fine. The netmask in the NAT pool is used by the router only to check that an address from the pool is not a subnet address or a broadcast address - a simple sanity check. But the actual range of addresses in a NAT pool is always given by the first two arguments (lower IP, higher IP), and a router will never try to allocate different IPs. So you may leave your netmask as is.
If you configured your pool like:
ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0
then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable.
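A small model of the check described in the reply above, as an added example that is not part of the thread and is not Cisco IOS code: the pool range comes only from the two addresses, and the netmask only removes the subnet and broadcast addresses. The function name `usable_pool_addresses`, the single-address pool 192.0.2.10 and the refusal of /31 and /32 masks are assumptions of this example.

```python
import ipaddress


def usable_pool_addresses(start, end, netmask):
    """Return (usable, skipped) address lists for a NAT pool definition.

    Models the behaviour described in the reply: the range is exactly
    start..end, and the netmask is only used to drop addresses that are
    the subnet address or the broadcast address under that mask.
    """
    lo = ipaddress.IPv4Address(start)
    hi = ipaddress.IPv4Address(end)
    if lo > hi:
        raise ValueError("start address is higher than end address")

    net = ipaddress.IPv4Network(f"0.0.0.0/{netmask}")
    if str(net.netmask) != netmask:
        raise ValueError("expected a dotted netmask, not a wildcard mask")
    if net.prefixlen > 30:
        # Assumption of this model: the thread does not say what the router
        # does with /31 or /32 masks, so they are refused rather than guessed.
        raise ValueError("mask leaves no host addresses to check")

    host_bits = int(net.hostmask)  # e.g. 0x000000FF for 255.255.255.0
    usable, skipped = [], []
    for value in range(int(lo), int(hi) + 1):
        host_part = value & host_bits
        addr = str(ipaddress.IPv4Address(value))
        if host_part == 0 or host_part == host_bits:
            skipped.append(addr)  # subnet address or broadcast address
        else:
            usable.append(addr)
    return usable, skipped


if __name__ == "__main__":
    # Pool from the reply: the whole /24 is listed, the mask trims both ends.
    usable, skipped = usable_pool_addresses(
        "192.0.2.0", "192.0.2.255", "255.255.255.0")
    print(len(usable), "usable; skipped:", skipped)

    # Constructed single-address pool: the /24 mask does not widen the range.
    print(usable_pool_addresses("192.0.2.10", "192.0.2.10", "255.255.255.0"))
```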