Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1993
Views
10
Helpful
6
Replies

Configuring a subinterface on 2900 series router

Go to solution
Kevin Melton
Level 2
Level 2

‎05-14-2010 12:08 PM - edited ‎03-04-2019 08:29 AM

I have been tasked with setting up a 2900 series router to support a new Metro Ethernet connection to the Internet for a customer.  Here is the scenario necessary for the configuration:

1)  The connection to the Internet is on a slash 30 network (for example purposes, lets say the number is 205.163.15.92/30.  I will be configuring the .94 address on the Ethernet interface which faces the Internet, and the Gateway address will be .93.  This will be on the G0/0 interface.

2) The network that i have to use on what we can call the "Inside" is 192.168.15.0/24.  I will be using a DHCP scope on the router to hand out addresses to clients.  This will be on the G0/2 interface.

3)  The ISP will be routing a large part of a routable Class C network to us via the /30 network.  Lets say that addresses 206.248.224.33-254 will be available.  Because these are publicly routable addresses, I need for these routable addresses to somehow be NAT'd against the 192.168.15.0 addresses off of the inside interface, so that users on the inside will be able to have one on one NAt connection between the 15. network and the 206.248.224 network.

Do I need to somehow configure a subinterface?  If so, where should I configure it?

Thanks

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-14-2010 12:11 PM

Kevin,

If your router is not going to have an IP that belongs to the 206.248.224.33-254 range, then just create the appropiate NAT
statements on your router to those IPs and have the ISP route back to your routers those packets.

Federico.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-14-2010 12:11 PM

Kevin,

If your router is not going to have an IP that belongs to the 206.248.224.33-254 range, then just create the appropiate NAT
statements on your router to those IPs and have the ISP route back to your routers those packets.

Federico.

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to Federico Coto Fajardo

‎05-14-2010 12:24 PM

Federico

Sounds simple enough.  I was just assuming that I would have to have an IP address somewhere on the router in the 206.248.224. range in order for that to work properly...

Kevin

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Kevin Melton

‎05-14-2010 12:27 PM

Kevin,

In order to NAT internal devices to a range of public IPs, there's no need for your router to have an interface on that range,
as long as the ISP routes the packet back to you properly.

Federico.

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Kevin Melton

‎05-14-2010 12:28 PM 

k-melton wrote:
Federico
Sounds simple enough.  I was just assuming that I would have to have an IP address somewhere on the router in the 206.248.224. range in order for that to work properly...
Kevin

Kevin

As long as the ISP is routing that subnet to the outside interface of your router and as long as you have not disabled proxy-arp then as Federico says you simply just setup your static NAT statements ie. you don't have to assign any of the subnet addresses to a physical interface on your router.

Jon

Go to solution
stonnet72
Level 1
Level 1

‎05-14-2010 12:46 PM

Question, why are you even doing one to one NAT's for internal IP's. Why not just

NAT all internal IP's to one specific external IP? Less administration.

0 Helpful

Go to solution
Kevin Melton
Level 2
Level 2
In response to stonnet72

‎05-17-2010 07:12 AM

Stonnet72

The reason we need to perform one on one NAT is due to the fact that most of the inside clients will be using VPN to get back to their companies networks.  VPN's do not work well with PAT.

If that was not the case, I would certainly use PAT vs. NAT with a single PAT address.

Thanks for your response.

Kevin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card