Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using private and public IP addresses without NAT

If a router has one interface with private IP address (e.g. 10.0.0.1) and another with public IP address (e.g. 1.1.1.1) and NAT is NOT enabled on the router, will the router perform routing between those interfaces?

Also, is it possible to turn on and off routing between those interfaces?

(I'd probably test it by myself, but unfortunately I don't have equipment).

Thanks all for answers.

3 REPLIES
Silver

Re: Using private and public IP addresses without NAT

I think if your routing configuration is correct and you DON'T use this router to connect to the public Internet it will work without NAT. About turning off routing between interfaces I think one way to do so is configuring ACLs.

HTH

New Member

Re: Using private and public IP addresses without NAT

1,if you want to connect to the internet,you will use NAT

2,if you want to connect to other layer 3 devices,for example,router or Pix,you will perform routing

Defaultly,router perform routing bewteen derectly interfaces

New Member

Re: Using private and public IP addresses without NAT

A router will always route between the interfaces as long as you enable IP routing (the command "ip routing" is enabled by default). It doesn't matter which IP address the interface is configured with - even if you use a mix of private and public.

Assuming that you have more than two interfaces on this router, to avoid routing between between your two interfaces with address 10.0.0.1 and 1.1.1.1, you must define an outgoing ACL on your interface towards the public network. This way your interface with the internal address can continue to talk to the router itself and any of other interfaces. If you have more than one interface with a public address, use the same ACL on all of them.

Note that this is necessary ONLY if your interface with the public address really is connected to the world outside. You may use a mix of private and public addresses internally, but never send a private address out on Internet. Then you must configure and use NAT.

Example:

access-list 1 deny 10.0.0.0 255.0.0.0

access-list 1 permit any

Interface ethernet 0

description external network

ip address 1.1.1.1 255.255.255.0

ip access-group 1 out

967
Views
0
Helpful
3
Replies
CreatePlease login to create content