Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT-ROUTER - URGENT HELP

Dear All,

In my network, I have a Firewall Hardware called Fortigate.

This device working as NAT device, or translator between my inside network ( LAN ) & OUR ISP Cisco Router 2801.

This device has 2 Ports:

Port ( 1 ) :-

===================

1. Description: Connected to MY LAN.

2. IP Address: 192.168.1.100 / 24

NO GW & NO DNS on this Device.

Port ( 2 ) :-

================

1. Description: Connected to OUR ISP CISCO ROUTER 1841, interface F 0/1.

2. IP Address : 213.255.237.116

3. S/M : 255.255.255.248.

4.GW: 213.255.237.113---------------this is the IP Address of ISP Router, INT F 0/1.

5.DNS : 213.255.237.8 / 9

And this Device have a routing role to route every thing to 213.255.237.113 .

And on MY ISP Router, there is the following route

(ip route 0.0.0.0 0.0.0.0 213.255.237.105) .

All of my LAN users ( 200 users up to now ) , in order to access internet through this device, I have to configure them with the IP Address in the same range of the IP Address of PORT 1 .

i.e. IP---? 192.168.1.20 / 24 , GW : 192.168.1.100 , DNS : 213.255.237.8 /9.

Now for some security reasons , I need to shutdown this device and put my Cisco Router which is 1841, and configure this Router with NAT.

My 5 questions is :-

1- In order to do that, what should I do, Static NAT , or Dynamic , or PAT ?? overloading ?? ? can you Please guide me ?

I have 3 Real IP Address from my ISP, and I am using only one until now, and I need only this one IP Address to be used as real IP with those 200 Users , so guide me ?

2- I heard if I enable dynamic NAT, I have to create a one access list for each user IP, and make it Permit to Open internet for Him through my Internet Router which is Configured as NAT Router , is that correct ? if so, how can I wrote it to open only http & SMTP & FTP for only 5 users start from 192.168.1.20 up to 192.168.1.25. ?

3- what about the static route that I need to create on this router, to enable routing between interfaces ?

4- How can I configure the ROUTER with the DNS, in order to make the router configured with this DNS 213.255.237.8 ?

5- Do I need to configure the user again , or only it?s a matter of shutdown the Device, and put my router with the same configurations ?

Please guide me guys .

1 REPLY
New Member

Re: NAT-ROUTER - URGENT HELP

Hi Mmtantawi

As your network has prefix /29 you can t do Static or Dynamic Nat instead you must use Pat (port address translation) because you don't have enough ip addresses to assign to user dynamicaly.

ok !

Next if you want to use PAT you need an access list to define the source ip address you want to nat like this :

access-list 10 permit 192.168.1.0 0.0.0.255

access-list 10 deny any

then we define the nat

ip nat inside source list 10 interface fast0/1 overload

then assign our nat to interfaces

in interface configuration for fast0/1

///// ip nat outside /////

in interface configuration for fast0/0

//// ip nat inside /////

Thanks.

91
Views
0
Helpful
1
Replies