Additional Public Subnet for WAN

bluestreak66
Level 1

I have been assigned an additional /29 block of IPs and am trying to decide how to configure the router. I currently have a /29 with 1 address assigned to the interface, and the other 4 addresses are in individual NAT pools for different VLANs. My issue is how to handle the default route with 2 /29s, and I would like to avoid using an address from my second pool on the interface. I have a single Gigabit Ethernet connection handed to me from the provider. Here are the relevant parts of the config:

 !
interface GigabitEthernet0/0
description WAN Interface
ip address 69.xxx.xxx.xx4 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map VPN
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
description Primary DHCP
encapsulation dot1Q 10
ip address 10.100.1.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 10.100.1.17 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.100.1.33 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 10.100.1.49 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.80
encapsulation dot1Q 80
ip address 10.100.1.113 255.255.255.240
ip nat inside
ip virtual-reassembly in

!
ip nat pool Vlan10 69.xxx.xxx.xx5 69.xxx.xxx.xx5 netmask 255.255.255.248
ip nat pool Vlan20 69.xxx.xxx.xx6 69.xxx.xxx.xx6 netmask 255.255.255.248
ip nat pool Vlan30 69.xxx.xxx.xx7 69.xxx.xxx.xx7 netmask 255.255.255.248
ip nat pool Vlan40 69.xxx.xxx.xx8 69.xxx.xxx.xx8 netmask 255.255.255.248
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source list 101 pool Vlan10 overload
ip nat inside source list 102 pool Vlan20 overload
ip nat inside source list 103 pool Vlan30 overload
ip nat inside source list 104 pool Vlan40 overload


ip route 0.0.0.0 0.0.0.0 69.xxx.xxx.xx3
!

The new subnet is 204.xxx.xxx.xx6/29

What I would like to do is put the new addresses in NAT pools as well, but if I set up NAT pools for the new subnet and add a gateway I'm not sure this will work. Is there any way to make this work without putting an address from the new subnet on an interface? This is also at a remote site 3 hours away, to make things even more difficult.


johnd2310
Level 8

Hi,

Your configuration should work. Add 204.xxx.xxx.xx6/29 to the NAT pool and configure NAT. Your ISP will add a route pointing to your WAN IP address for the 204.xxx.xxx.xx6/29 network.

Thanks

John


I added a second default route:

ip route 0.0.0.0 0.0.0.0 204.xxx.xxx.xxx7

and changed the pool for VLAN 10 to:

ip nat pool Vlan10 204.xxx.xxx.xxx8 204.xxx.xxx.xxx2 netmask 255.255.255.248

Once I make those changes I can no longer ping out from VLAN 10. I think there has to be more to it than this. Without an IP from that subnet on an interface it has no idea where to send the traffic. However, I tried:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 

and that had no effect.

Hi,

There is no need for another default route. The original default route (ip route 0.0.0.0 0.0.0.0 69.xxx.xxx.xx3) is sufficient, as you are pointing to the same provider. Once you add the new segment to the pool, you need to contact the provider and make sure they are actually advertising the new segment they gave you (204.xxx.xxx.xx6/29). You can also go to a looking glass site and select "IPv4 BGP summary" and see if the new IP segment is being advertised to the Internet.

Here is a link:

http://lg.he.net/

HTH

It looks like it took a minute to take effect but it is working! If someone could take a minute to explain how this works I would greatly appreciate it. Thanks!

What is your question?

If you are referring to the second public IP segment, you don't need to have an interface in that segment for it to be advertised. As a matter of fact, for most larger organizations, the provider connects to the customer using a /30 and also provides them a separate segment to use for NAT, FTP servers, DMZ, internal network, etc., and as long as that segment is advertised by the provider, the Internet can reach the segment via the provider.

HTH 
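As an added example (not from the thread or from Cisco), this Python sketch lints an IOS-style excerpt for the two points the thread turns on: a NAT pool may sit in a block that is on no interface, while a static route's next hop is compared against the connected subnets. The addresses are constructed RFC 5737 documentation ranges standing in for the redacted blocks, and `audit` is a hypothetical helper, not a model of IOS route resolution.

```python
import ipaddress

# Constructed sample: RFC 5737 documentation addresses stand in for the
# thread's redacted 69.x (WAN) and 204.x (additional) /29 blocks.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.248
ip nat pool Vlan30 198.51.100.3 198.51.100.3 netmask 255.255.255.248
ip nat pool Vlan10 203.0.113.9 203.0.113.9 netmask 255.255.255.248
ip nat pool Vlan20 203.0.113.10 203.0.113.17 netmask 255.255.255.248
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 0.0.0.0 0.0.0.0 203.0.113.14
"""


def audit(config):
    """Return (findings, routed_pools) for an IOS-style config excerpt."""
    connected, findings, routed_pools = [], [], []
    lines = [line.split() for line in config.splitlines()]
    # Pass 1: subnets the router is directly attached to.
    for w in lines:
        if w[:2] == ["ip", "address"] and len(w) >= 4:
            connected.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
    # Pass 2: check pools and static routes against those subnets.
    for w in lines:
        if w[:3] == ["ip", "nat", "pool"] and len(w) >= 8 and w[6] == "netmask":
            name, lo, hi = w[3], ipaddress.ip_address(w[4]), ipaddress.ip_address(w[5])
            block = ipaddress.ip_interface(f"{w[4]}/{w[7]}").network
            if lo > hi or hi not in block:
                findings.append(f"pool {name}: range {lo}-{hi} does not fit {block}")
            if not any(lo in net for net in connected):
                # Not an error: works once the provider routes this block
                # toward the router's WAN address, as the thread explains.
                routed_pools.append(name)
        elif w[:2] == ["ip", "route"] and len(w) >= 5:
            try:
                hop = ipaddress.ip_address(w[4])
            except ValueError:
                continue  # next hop given as an interface name; not checked
            if not any(hop in net for net in connected):
                findings.append(f"route {w[2]} {w[3]}: next hop {hop} is on no connected subnet")
    return findings, routed_pools


if __name__ == "__main__":
    findings, routed_pools = audit(SAMPLE_CONFIG)
    print("\n".join(findings))
    print("pools relying on provider routing:", routed_pools)
```
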
