What is the recommended way to define the Inside Global IP address inside a router?
1) to be the same as the IP address defined on that router's interface?
2) to be different from the IP address defined on that router's interface, but still in the same subnet as the IP address defined on that router's interface?
3) to be different from the IP address defined on that router's interface, and moreover to be from a different subnet than the one the IP address defined on that router's interface belongs to?
I saw all 3 of these possibilities in some books written by Todd Lammle. I even tried them and all were working correctly.
So I am just missing the pros and cons of each of these 3 possibilities.
It pretty much depends on the availability of global addresses. If you have spare ones then I would use those first.
Whether the spare address is the interface address, out of the same subnet or a different subnet again is usually dictated by availability of addresses, e.g.
1) You have no spare addresses - use the interface address with port mapping
2) You have spare addresses in the same subnet - use those
3) You have run out of addresses and you already use the interface address, or PAT does not work with the application. You then obtain some more IPs (usually from your ISP). As long as those new IPs are routed by the ISP to the outside interface of your router, you can then use those in the same way as your original addresses.
As you say, all will work although you generally get more flexibility with options 2 & 3.
I could see a slight decrease of the number of possible NAT translation entries when using the same IP@ as defined on the router's interface, because the router will eat up some of the possible combinations IP@:port for communication with the other routers (supposing the router is using a routing protocol).
If no routing protocol is used then it will be the same as using a different IP address.
Please correct me if I'm wrong.
Also what is the best practice if I get several IP addresses from the ISP?
To allocate one of them to the router's interface and use the remaining ones for NAT (with/without overload)?
Or to allocate one of them to the router's interface and use ALL of them for NAT, including the IP@ allocated to router's interface?
Actually, a lot of IGPs, e.g. OSPF/EIGRP, don't use TCP/UDP port numbers, so they wouldn't actually eat up ports as such. But yes, you could lose a few depending on what was using the interface address, e.g. TACACS+, SNMP etc.
Not sure there is a best practice. What I have always done is:
1) To translate inside clients to a public IP when accessing the Internet, I use the interface address, because you may as well. Obviously, if there are more internal clients active than available port numbers with one IP address then you would need to add another.
2) I then use spare addresses to present internal servers that require access from the Internet. If you don't have enough IP addresses for all servers then you would need to use port mapping.
3) I always try to keep one IP address spare at the very least, because every now and then you come across an application that will work with NAT but not port mapping.
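The allocation described in the answer above, as an added IOS configuration sketch that is not part of the original thread. Interface names, ACL numbers, the pool name, the inside subnets and all addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration.

```cisco
! Constructed example: inside LAN 192.168.1.0/24, outside subnet 203.0.113.0/29
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
!
! Inside clients that are allowed to be translated
access-list 10 permit 192.168.1.0 0.0.0.255
!
! Clients share the interface address with port overload (PAT).
! The inside global address is the same as the interface address.
ip nat inside source list 10 interface GigabitEthernet0/1 overload
!
! A spare address in the same outside subnet presents an internal server.
! A one-to-one static entry forwards every port on 203.0.113.3 to the
! server, so the server is reachable on all of its services unless
! something in front of it filters the traffic.
ip nat inside source static 192.168.1.10 203.0.113.3
!
! Not enough spare addresses: port mapping publishes one service only.
! Here TCP 443 on the interface address is forwarded to a second server.
ip nat inside source static tcp 192.168.1.20 443 interface GigabitEthernet0/1 443
!
! Extra block from the ISP in a different subnet (198.51.100.0/29).
! No interface carries these addresses; this works only if the ISP
! routes the block to 203.0.113.2.
access-list 11 permit 192.168.2.0 0.0.0.255
ip nat pool EXTRA 198.51.100.1 198.51.100.6 netmask 255.255.255.248
ip nat inside source list 11 pool EXTRA overload
```

`show ip nat translations` lists the static entries immediately and the dynamic ones once traffic flows, which makes it easy to confirm that only the intended inside hosts have a permanent mapping.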