Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
277
Views
0
Helpful
2
Replies

Configuring NAT on Router?

brian-henry
Level 4
Level 4

‎01-29-2004 09:18 AM - edited ‎03-02-2019 01:14 PM

I have read all the documents on IOS NATing and I still have a few questions for my situation.

I have a 3745 with a T1 with Serail Interface 0/0 IP Address = 172.x.x.x on our side and 172.x.x.x on USLec side.

I have a range of vaild IP Addresses of 66.129.x.x thru 66.129.x.x

I need to setup a VPN tunnel to the corporate Headquaters of x.x.x.x and only allow them to manage the device, let that IP address back in.

I have Several Interface VLANs on the inside to seperate out Servers, Users, Phones and Management.

I want to only use one, PAT, of my addresses for all users to reslove to when getting out to the internet, etc.

I want one to corralate to a real address so I can manage it from the headquarters.

Don't I have to make one of the FE0/0 or FE0/1 a real address 66.129.x.x and the other an internal address 192.x.x.x to amke this work? So the FE0/0 can be the outside and FE0/1 can be the inside.

If there are any good docs on this I will start there. If I am not amking any since and you want mode details please let me know.

Thanks!

Labels:
0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎01-30-2004 02:36 AM

Hello,

you can best use NAT overloading for your purposes.

Assuming that you want to use FE0/0 as the inside and FE0/1 as the outside interface, and that your hosts are on the internal network 192.168.1.0/24, and that your global IP address range is 66.129.1.0/29, your configuration would look like this:

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1

ip address 66.129.1.1 255.255.255.248

ip nat outside

!

access-list 1 permit 192.168.1.0 0.0.0.255

!

ip nat inside source list 1 interface FastEthernet0/1 overload

Check this link to the Cisco NAT Support Page:

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Technologies:NAT&s=Implementation_and_Configuration#Samples_and_Tips

HTH,

GP

0 Helpful

brian-henry
Level 4
Level 4
In response to Georg Pauwen

‎01-30-2004 04:04 AM

Thanks for the info.

So if I have inside subnets of

VLAN 1 192.168.0.1

VLAN 2 192.168.1.0

VLAN 100 192.168.2.0

VLAN 102 192.168.3.0

and 192.168.4.1

and my serial interface is 172.x.x.x

then I would just use the ACL of 192.168.x.x to cover only those subnets that I want to traverse the interface of FE0/1 does FE0/0 have to be in the same subnet as all the rest of my different networks?

Thanks again

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents