Cisco Support Community

New Member

Configuring NAT on Router?

I have read all the documents on IOS NATing and I still have a few questions for my situation.

I have a 3745 with a T1 with Serial Interface 0/0 IP Address = 172.x.x.x on our side and 172.x.x.x on USLec side.

I have a range of valid IP Addresses of 66.129.x.x thru 66.129.x.x

I need to setup a VPN tunnel to the corporate Headquarters of x.x.x.x and only allow them to manage the device, let that IP address back in.

I have Several Interface VLANs on the inside to separate out Servers, Users, Phones and Management.

I want to only use one, PAT, of my addresses for all users to resolve to when getting out to the internet, etc.

I want one to correlate to a real address so I can manage it from the headquarters.

Don't I have to make one of the FE0/0 or FE0/1 a real address 66.129.x.x and the other an internal address 192.x.x.x to make this work? So the FE0/0 can be the outside and FE0/1 can be the inside.

If there are any good docs on this I will start there. If I am not making any sense and you want more details please let me know.


VIP Purple

Re: Configuring NAT on Router?


You can best use NAT overloading for your purposes.

Assuming that you want to use FE0/0 as the inside and FE0/1 as the outside interface, and that your hosts are on the internal network, and that your global IP address range is, your configuration would look like this:

interface FastEthernet0/0

ip address

ip nat inside


interface FastEthernet0/1

ip address

ip nat outside


access-list 1 permit


ip nat inside source list 1 interface FastEthernet0/1 overload

Check this link to the Cisco NAT Support Page:



New Member

Re: Configuring NAT on Router?

Thanks for the info.

So if I have inside subnets of



VLAN 100

VLAN 102


and my serial interface is 172.x.x.x

then I would just use the ACL of 192.168.x.x to cover only those subnets that I want to traverse the interface of FE0/1. Does FE0/0 have to be in the same subnet as all the rest of my different networks?

Thanks again
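
Added example (not part of the thread and not any poster's configuration): the setup discussed above, with several inside VLAN subnets sharing one PAT address and one static mapping that only headquarters can reach. All addresses, the management VLAN number, the ACL name OUTSIDE-IN and the SSH port are assumptions, and HQ is assumed to reach the static address directly over the outside interface rather than through the VPN tunnel.

```cisco
! Added example, not from the thread. All addresses are constructed placeholders:
! RFC 1918 inside, RFC 5737 ranges standing in for the public block and HQ.
interface Vlan100
 description Inside subnet 1 (placeholder addressing)
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
interface Vlan102
 description Inside subnet 2 (placeholder addressing)
 ip address 192.168.102.1 255.255.255.0
 ip nat inside
!
interface Vlan200
 description Management (VLAN number is an assumption)
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description Outside; its address is the single PAT address
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 ip access-group OUTSIDE-IN in
!
! PAT: only sources matched by ACL 1 are translated. Each inside interface
! keeps its own subnet; the ACL needs one entry per subnet to be translated.
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.102.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/1 overload
!
! One-to-one mapping for the managed host (assumed at 192.168.200.10).
ip nat inside source static 192.168.200.10 203.0.113.3
!
! Inbound ACLs on the outside interface are checked before NAT, so they match
! the public (global) address. Only HQ (placeholder 198.51.100.10) may reach
! the static mapping, here on SSH (port is an assumption). This ACL guards the
! static mapping only; it does not otherwise filter inbound traffic.
ip access-list extended OUTSIDE-IN
 permit tcp host 198.51.100.10 host 203.0.113.3 eq 22
 deny ip any host 203.0.113.3 log
 permit ip any any
!
! Verify after applying:
!  show ip nat translations
!  show access-lists OUTSIDE-IN
```

Because the static host's replies to anyone other than HQ are dropped by the deny entry, that host is reachable for management only and cannot use its public address for general outbound sessions.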
