A few questions about NAT

sarahr202
Level 5

Hi everybody.

I have some questions about NAT.

Let's say we have two valid IP addresses, assigned by my ISP, which are as follows:

199.199.199.1/24

198.198.198.1/24

I assigned 199.199.199.1/24 to f0 of the router, i.e.

Router F0--------internet

I assigned the 2nd IP address, 198.198.198.1/24, to loopback int 2.

Can I perform the NAT as:

int f1

ip address 10.10.10.10/24

ip nat inside

int f0

ip address 199.199.199.1/24

ip nat outside

ip nat pool zee 198.198.198.1 198.198.198.1 netmask 255.255.255.0

access-list 10 permit 10.0.0.0 0.255.255.255

ip nat inside source list 10 pool zee overload

(I understand a better idea would be to use the loopback int directly instead of the pool option; just for the sake of the concept, bear with me.)

1) Will the router be able to perform NAT given the above config?

2) Is the netmask correctly configured, or should I have used netmask 255.255.255.255?

My concern is that, since I want to use only the IP address 198.198.198.1 for NAT, the netmask 255.255.255.0 might cause the router to believe it has a valid IP range available from 1 to 254.

Thanks a lot.

3 Replies

Peter Paluch
Cisco Employee

Hello Sarah,

Your configuration using the NAT pool is fine. The netmask in the NAT pool is used by the router only to check if the address from the pool is not a subnet address or a broadcast - a simple sanity check. But the actual range of addresses in a NAT pool is always given by the first two arguments (lower IP, higher IP) and a router will never try to allocate different IPs. So you may leave your netmask as is.

If you configured your pool like:

ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0

then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable.

Best regards,

Peter

Thanks Peter

"ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0

then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable."

But my book says the ip nat pool zee command takes the 1st valid IP and the last valid IP; for example, if I have a 199.199.199.0/24 block, then the command looks something like this:

ip nat pool zee 199.199.199.1 199.199.199.254 netmask 255.255.255.0

But based on your response, it should look like this:

ip nat pool zee 199.199.199.0 199.199.199.255 netmask 255.255.255.0

So which one is correct?

Thanks

Sarah

"But my book says ip nat pool zee command takes 1st valid ip and last valid ip, for example if i have 199.199.199.0/24 block"

which it will, but 199.199.199.0 is not a valid IP and neither is 199.199.199.255. The router knows this by using the subnet mask. So your book and Peter are in total agreement :-)

Personally I tend to use

ip nat pool zee 199.199.199.1 199.199.199.254 netmask 255.255.255.0

but as Peter says it makes no difference if you use the other one instead.

Jon
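
The behaviour described in the replies above, as an added example that is not part of the original thread and not Cisco's code: a small Python model that reads ip nat pool lines from a config and lists the addresses each pool can hand out, taking the range from the start and end arguments and using the mask only to drop subnet and broadcast addresses. The pool names full and hosts, the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Pool definition syntax as used in this thread; prefix-length is the
# alternative IOS spelling of the same argument.
POOL_RE = re.compile(
    r"^\s*ip nat pool (\S+) (\S+) (\S+) (?:netmask|prefix-length) (\S+)\s*$")

def usable_addresses(start, end, mask):
    """Model of the behaviour described above: the range comes from start/end,
    the mask only removes subnet and broadcast addresses from it."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("end address is lower than start address")
    # ipaddress validates the mask (dotted or length) and yields the prefix.
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    usable = []
    for n in range(int(first), int(last) + 1):
        net = ipaddress.IPv4Network((n, prefix), strict=False)
        if n in (int(net.network_address), int(net.broadcast_address)):
            continue  # sanity check: never translate to these
        usable.append(ipaddress.IPv4Address(n))
    return usable

def audit(config_text):
    """Map each NAT pool name in a config to the addresses it can hand out."""
    pools = {}
    for line in config_text.splitlines():
        m = POOL_RE.match(line)
        if m:
            name, start, end, mask = m.groups()
            pools[name] = usable_addresses(start, end, mask)
    return pools

# Constructed sample: pool lines from the thread, renamed so they can coexist.
SAMPLE_CONFIG = """\
ip nat pool zee 198.198.198.1 198.198.198.1 netmask 255.255.255.0
ip nat pool full 199.199.199.0 199.199.199.255 netmask 255.255.255.0
ip nat pool hosts 199.199.199.1 199.199.199.254 prefix-length 24
ip nat inside source list 10 pool zee overload
"""

if __name__ == "__main__":
    for name, addrs in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {len(addrs)} usable, {addrs[0]} .. {addrs[-1]}")
```

Running it over an exported configuration gives a quick inventory of which public addresses inside hosts can be translated to, which is useful when writing upstream ACLs or correlating logs by source address.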
