Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member


Hi All,

I would like to thank you for your help and your support.

However, I am going to implement NAT solution inside my organization with 3 goals:-

1- Allow 2 Internal users ( CEO & VP ) to access Internet [using Static], using 2 Real IP assigned from MY ISP.

2-Allow 200 Internal Users to Access Internet [Using Dynamic as Overloading], using the 3rd Real IP assigned from My ISP.

3-Allow ∞ Internet users ( any one ) to access 3 Servers Only which are inside my Network, using the 4th Real IP assigned from My ISP.

This Symbol ∞ means ----? unlimited, or, any Source, any IP from any where in the internet World .

In 2nd attached, which is [network-2.pps ] you will know , how many real IP I have here in My Network , and it has 2 slights.

Before, implementing this Solution, which is NAT, I want to consult you in current Configurations of My Cisco Router which is I have here inside my organization, in order to advice me if I need to change something or Not .

The Router have 2 Interfaces, which is:-

1-interface Fast Ethernet 0/ 0

2-interface Fast Ethernet 0/1

3-The Interface F 0 / 1 is connected to Normal Unmanaged Switch from 3 Com , and it has the following IP ? / - in Port no 2 in 3COM Switch.

4-There is a Firewall connected to the Same Switch 3 Com , in Port 3 , and it have / / GW 213.255.237. 113 on NIC 1 .

5-The 2nd NIC on the Firewall, have this IP , / 24 .

6-All the Users inside my Network are connected to the Firewall, as GW to have Internet Connection device .


If I am going to implement NAT with 3 goals , do you think the current network will get down, because the Interface F 0/ 0 & F 0 / 1 are changed and one is becoming the INSIDE & Other ONE IS Becoming OUTSIDE ?

If so, can I purchase any Modular that have 4 Ethernet Ports, and do the NAT on it, and leave the Default Interfaces , as its without any disturb for OLD USERS ?

That was my question, because I have reviewed the INFRASTRUCTURE and I have seen this, so I am afraid if I implement NAT, the FIREWALL it Self, will not worked and all the users, will not have the INTERNET Connectivity and no work will done.

So, I am thinking of Purchase, one modular which is HWIC-4 , and put it in Slot 1 in the 1841 Cisco Router, and do the NAT Configurations for the New users, and leave the others as they are connected to the Firewall and have internet connection .

So, please give me your opinion, because I am get confused completely regarding the NAT and the Current situation, which I have here .

Can the Interfaces which is F 0 / 0 & F 0 / 1 , work normally with existing Network after I configure both of them with IP NAT INSIDE & IP NAT OUTSIDE ?

Or, if I change and made the F 0 / 0 as IP NAT OUTSIDE & F 0 / 1 as IP NAT INSIDE , and put the Static NAT Command, the Firewall will stop and all the others users will be unable completely to access Internet ?

Do you think I am thinking in the correct direction or not ?

I request to Purchase 2 HWIC, each one will have 4 Ethernet Ports, so the Total will have 8 Ethernet Ports .

Generally, I am asking you, if I want to implement NAT , with the 3 goals which I mention above, do I need to change the design completely from which I have to new design which I said , using the 2 HWIC Card ?

Please advice me, in order to start working on it , and develop the NAT Solution .



I'm not sure what Old Users are doing? Provided they are the ones who will also be NATed to the single shared public address, the solution should be ok.

Since you have a firewall, you can NAT on the firewall instead of a router. Is that what you are planning?





you've posted this request 6 times on this forum in different areas.

this leads to severe confusion for those trying to help you as well as keeps the forums very messy.

viewing your history, you've done this with every request you've asked. for the amount of information you request you may want to make it easier for everyone and post just one thread.

hate to seem like i'm harsh but this is very frustrating for all of us i think.