Cisco Support Community

New Member

NAT for some not for others

I want to implement NAT on a 1721 router with one ethernet interface and one t1 csu/dsu WIC connected to the Internet. The server admin at this site wants his servers to maintain their public IP addresses to relieve inside vs. outside DNS issues. Can I put 10-dots and publics on the same ethernet interface while pointing the 10s to a public on the same ethernet interface for DNS? How will the router know to NAT for the 10s but not for the publics?

Isn't there a better way? I still need the answers above but I think he might be confusing the 'can't go in the same interface it came from' rule on a PIX with a router.


Re: NAT for some not for others

I think this scenario can be -theoretically- set up as follows:

1. Assign a secondary ip address of 10.x.x.x to the ethernet interface (assuming that the interface is already assigned a public address).

2. Configure dynamic NAT with an access-list for the 10.x.x.x :

(I'm not sure if the router will support both secondary addresses and dynamic NAT at the same time).

3. Configure the DNS server with a virtual ip address in the 10.x.x.x subnet.

With that being said, I think a PIX configured with either "alias" commands or better yet, PIX OS v6.2 would be more flexible and practical in this situation.
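
The selective-NAT idea in the reply above, written out as an IOS configuration. This is an added example, not part of the original post or a tested config from the thread. The interface names (FastEthernet0, Serial0), ACL number and all addresses are assumptions chosen for illustration, using documentation and private ranges.

```cisco
! Constructed example; every address below is a placeholder.
! Public server subnet:        192.0.2.0/28  (servers keep these addresses)
! Private workstation subnet:  10.1.1.0/24   (translated on the way out)
!
interface FastEthernet0
 description LAN shared by public servers and 10.x workstations
 ip address 192.0.2.1 255.255.255.240
 ip address 10.1.1.1 255.255.255.0 secondary
 ip nat inside
!
interface Serial0
 description T1 to the Internet
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Only sources permitted by this list are candidates for translation.
! Packets sourced from 192.0.2.x do not match, so they are routed
! out Serial0 with their original public source address.
access-list 10 permit 10.1.1.0 0.0.0.255
!
! PAT (overload) the matched 10.1.1.x sources to the Serial0 address.
ip nat inside source list 10 interface Serial0 overload
!
ip route 0.0.0.0 0.0.0.0 Serial0
!
! Verification from exec mode:
!   show ip nat translations  -> inside local entries should all be 10.1.1.x
!   show ip nat statistics    -> confirms inside/outside interfaces and ACL 10
```

The access list is what answers "how will the router know": NAT acts only on sources it permits. The untranslated public servers are directly reachable from the Internet, so any inbound filtering for them has to be configured separately on Serial0.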



New Member

Re: NAT for some not for others

I thought this had me all set but...

e0 is set up with my only public ip address

e1 is set up as and is running IOS Firewall

DNS server is

workstations point to .2 for DNS and .1 for gateway

PAT on router sends port 80 to .2 for web interface for email (MS Exchange)

When I try to open web email on .2 I get sent to the browser interface for my router. If I forward DNS requests outside it works OK but I will need to add other domains in the future and do not want to forward DNS out.