A few questions about NAT

Answered Question
Aug 18th, 2009

Hi everybody.

I have some questions about NAT.

Let's say we have two valid IP addresses, assigned by my ISP, which are as follows:

199.199.199.1/24

198.198.198.1/24

I assigned 199.199.199.1/24 to f0 of the router, i.e.

Router F0--------internet

I assigned the 2nd IP address, 198.198.198.1/24, to loopback int 2.

Can I perform the NAT as:

int f1

ip address 10.10.10.10 255.255.255.0

ip nat inside

int f0

ip address 199.199.199.1 255.255.255.0

ip nat outside

ip nat pool zee 198.198.198.1 198.198.198.1 netmask 255.255.255.0

access-list 10 permit 10.0.0.0 0.255.255.255

ip nat inside source list 10 pool zee overload

(I understand a better idea would be to use the loopback int directly instead of the pool option; just for the sake of the concept, bear with me.)

1) Will the router be able to perform NAT given the above config?

2) Is the netmask correctly configured, or should I have used netmask 255.255.255.255?

My concern is that I want to use only IP address 198.198.198.1 for NAT. The netmask 255.255.255.0 might cause the router to believe it has a valid IP range available from 1 to 254.

Thanks a lot.

Correct Answer
Peter Paluch Tue, 08/18/2009 - 22:46

Hello Sarah,

Your configuration using the NAT pool is fine. The netmask in the NAT pool is used by the router only to check that the address from the pool is not a subnet address or a broadcast - a simple sanity check. But the actual range of addresses in a NAT pool is always given by the first two arguments (lower IP, higher IP) and a router will never try to allocate different IPs. So you may leave your netmask as is.

If you configured your pool like:

ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0

then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable.

Best regards,

Peter

sarahr202 Wed, 08/19/2009 - 06:34

Thanks Peter

"ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0

then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable."

But my book says the ip nat pool zee command takes the 1st valid IP and the last valid IP. For example, if I have the 199.199.199.0/24 block, then the command looks something like this:

ip nat pool zee 199.199.199.1 199.199.199.254 netmask 255.255.255.0

But based on your response, it should look like this:

ip nat pool zee 199.199.199.0 199.199.199.255 netmask 255.255.255.0

So which one is correct?

thanks

Correct Answer
Jon Marshall Wed, 08/19/2009 - 07:32

Sarah

"But my book says the ip nat pool zee command takes the 1st valid IP and the last valid IP. For example, if I have the 199.199.199.0/24 block"

Which it will, but 199.199.199.0 is not a valid IP and neither is 199.199.199.255. The router knows this by using the subnet mask. So your book and Peter are in total agreement :-)

Personally I tend to use

ip nat pool zee 199.199.199.1 199.199.199.254 netmask 255.255.255.0

but as Peter says it makes no difference if you use the other one instead.

Jon
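
Added example (not part of the original thread and not IOS code): a small Python model of the rule described in the answers above, where the pool range comes from the first two arguments and the netmask only filters out subnet and broadcast addresses. The function name usable_pool and the treatment of /31 and /32 masks are assumptions of this sketch.

```python
import ipaddress


def usable_pool(start, end, netmask):
    """Return the addresses a NAT pool would hand out under the rule
    described in the thread: every address from start to end, minus any
    that is a subnet or broadcast address for the given netmask."""
    lo = ipaddress.IPv4Address(start)
    hi = ipaddress.IPv4Address(end)
    if lo > hi:
        raise ValueError("start address is above end address")
    # Convert the dotted mask to a prefix length (raises on an invalid mask).
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen
    usable = []
    for value in range(int(lo), int(hi) + 1):
        addr = ipaddress.IPv4Address(value)
        net = ipaddress.ip_interface(f"{addr}/{prefix}").network
        # Assumption of this sketch, not a statement about IOS:
        # /31 and /32 masks reserve no addresses.
        reserved = prefix < 31 and addr in (
            net.network_address,
            net.broadcast_address,
        )
        if not reserved:
            usable.append(str(addr))
    return usable


if __name__ == "__main__":
    # Pools taken from the thread.
    single = usable_pool("198.198.198.1", "198.198.198.1", "255.255.255.0")
    wide = usable_pool("199.199.199.0", "199.199.199.255", "255.255.255.0")
    book = usable_pool("199.199.199.1", "199.199.199.254", "255.255.255.0")
    print("single-address pool:", single)
    print("wide pool size:", len(wide), "first:", wide[0], "last:", wide[-1])
    print("same as the book's form:", wide == book)
```

Knowing the exact set of translated source addresses matters when writing upstream firewall rules or attributing log entries to this router.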
