I think you have replied me previously with something like this, if I recall correctly. Anyway, the problem here is that I do not have any static IP addresses or subnet or whatsoever. The ISP is not willing to give static IP addresses for these "home" connections. They provide each customer with 5 dynamic addresses. The subnet mask for that comes from DHCP is something like 255.255.240.0 or so (I'm not near my setup on time of writing). The default gateway for every client is same (if I remember, 80.222.16.1). Lease time for dynamic addresses is 3 or 4 hours.

I can, for example, do this:

Create a bridge group of ATM interface (with the PVC defined) and FastEthernet interface. I create a corresponding BVI and can get one of the IP addresses to that (ip address dhcp). Then, behind that FastEthernet I put a switch or hub and connect four client PCs to that. Each of these PCs will get ip address. Then all my IPs would be in use. If I connect fifth PC, it does not get an address unless I release one of the previous ones.

This gave me the idea that I'd like to have all of the addresses assigned to router and then there, in single point, I could filter the traffic and put it to go where I want. I'd like to run my internal network completely with private addresses (192.168.1.x/27). I need at least one of the IP addresses with NAT to be used only for IPSEC VPN connections for a VPN security gateway device behind my router.

I just noticed that in this forum, I am able to see all my own threads/conversations in a neat list and I do not need to search for my post in the complete huge list :) Nice.

So, I checked the previous answers I have had. Here is a discussion where you replied to me:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.ee93517/0#selected_message

Here you indicate the use of NAT pool but that, too, requires that I can define the static IP addresses. Or can I create this NAT pool thing to be able to use dynamically assigned ones?

I am really hoping to find some kind of solution for this; there is bigger plans for the usage of all these IPs. Most important thing being the VPN connections.

Also, someone else told me that I should be able to create multiple subinterfaces for the ATM0/0. Then attach these interfaces to different bridge-groups.

If I define only ONE subinterface for ATM0/0 and that subint is a member of bridge-group 1, I still cannot get the IP address for BVI 1 with "ip address dhcp". Why is that? IOS reports something like "no PVCs available for bridging" or so... I mean, if subint should be working with main interface's PVC, it should be working like this (getting the IP, passing traffic). If I remove PVC definition from ATM0/0 and create that under the subint which is part of bridge-group, it works this way. BUT, I cannot define the same PVC 0/33 for all the subinterfaces (it moves to PVC configuration mode of the existing one automatically).

You need different pvc's for different sub-interfaces. So one pvc for all the other sub-interface will not work at all.

Now to resolve the issue of ip addresses, you need 5 fixed ip address. So that you can assign them to some servers

OR

you can configure some static NAT on. I don't see any other way to fix this issue.

If I get the static IP addresses, where do I configure them? As you said, directly for different network devices like server and VPN gateway?

Or then, with static IPs, I could create the NAT pool and then do some static NAT directly between public IP <-> private IP ?

I don't quite get it why it could not be possible to acquire multiple dynamic IPs for IOS. Maybe in future IOS version or is it just impossibility?

Thanks for the knowledge so far!