08-18-2009 09:32 PM - edited 03-06-2019 07:18 AM
hi every body.
I have some questions about nat.
Let say we have two valid ip addresses , assigned by my isp which are as follows:
199.199.199.1/24
198.198.198.1/24
I assigned the 199.199.199.1/24 to f0 of Router i.e
Router F0--------internet
I assigned the 2nd ip address 198.198.198.1/24 to loopback int 2
Can i perorm the nat as:
int f1
ip address 10.10.10.10/24
ip nat inside
int f0
ip address 199.199.199.1/24
ip nat outside
ip nat pool zee 198.198.198.1 198.198.198.1 netmask 255.255.255.0
acess-list 10 permit 10.0.0.0 0.255.255.255
ip nat inside source list 10 pool zee overload.
( i understand better ide would be to use loopback int directly instead of pool option, just for the sake of concept,bear with me)
1) will the router be able to perform nat given the above config ?
2) is the netmask correctly configured or i should have used netmask 255.255.255.255 ?
My concern is since i want to use only ip address 198.198.198.1 for nat. The netmask 255.255.255.0 might cause the router to believe it has valid ip range available from 1 to 254.
Thanks a lot.
Solved! Go to Solution.
08-18-2009 10:46 PM
Hello Sarah,
Your configuration using the NAT pool is fine. The netmask in the NAT pool is used by router only to check if the address from the pool is not a subnet address or a broadcast - a simply sanity check. But the actual range of addresses in a NAT pool is always given by the first two arguments (lower IP, higher IP) and a router will never try to allocate different IPs. So you may leave your netmask as is.
If you configured your pool like:
ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0
then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable.
Best regards,
Peter
08-19-2009 07:32 AM
Sarah
"But my book says ip nat pool zee command takes 1st valip ip and last valid ip ,for exampleif i have 199.199.199.0/24 block"
which it will but 199.199.199.0 is not a valid IP and neither is 199.199.199.255. The router knows this by using the subnet mask. So your'e book and Peter are in total agreement :-)
Personally i tend to use
ip nat pool zee 199.199.199.1 199.199.199.254 netmask 255.255.255.0
but as Peter says it makes no difference if you use the other one instead.
Jon
08-18-2009 10:46 PM
Hello Sarah,
Your configuration using the NAT pool is fine. The netmask in the NAT pool is used by router only to check if the address from the pool is not a subnet address or a broadcast - a simply sanity check. But the actual range of addresses in a NAT pool is always given by the first two arguments (lower IP, higher IP) and a router will never try to allocate different IPs. So you may leave your netmask as is.
If you configured your pool like:
ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0
then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable.
Best regards,
Peter
08-19-2009 06:34 AM
Thanks Peter
"ip nat pool zee 192.0.2.0 192.0.2.255 netmask 255.255.255.0
then the netmask would be used to make sure that the router does not use addresses 192.0.2.0 and 192.0.2.255 for NAT purposes. However, all the remaining addresses in the range are usable.'
But my book says ip nat pool zee command takes 1st valip ip and last valid ip ,for exampleif i have 199.199.199.0/24 block, then the command looks something like that:
ip nat pool zee 199.199.199.1 199.199.199.254 netmask 255.255.255.0
But based on your response, it should look like this:
ip nat pool zee 199.199.199.0 199.199.199.255 netmask 255.255.255.0
So which one is correct ?
thanks
08-19-2009 07:32 AM
Sarah
"But my book says ip nat pool zee command takes 1st valip ip and last valid ip ,for exampleif i have 199.199.199.0/24 block"
which it will but 199.199.199.0 is not a valid IP and neither is 199.199.199.255. The router knows this by using the subnet mask. So your'e book and Peter are in total agreement :-)
Personally i tend to use
ip nat pool zee 199.199.199.1 199.199.199.254 netmask 255.255.255.0
but as Peter says it makes no difference if you use the other one instead.
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: