Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3202
Views
0
Helpful
6
Replies

Dual NAT on multiple ip addresses on cisco 800

Go to solution
maudam000
Level 1
Level 1

‎10-14-2013 08:01 AM - edited ‎03-04-2019 09:18 PM

Hi,

i'm trying to figure out the configuration to obtain a dual nat routing.

I have 1 + 8 public ip addresses:

1.1.1.1 255.255.255.255

2.2.2.0 255.255.255.240

Now i would have 2 private ip addresses on the router (192.168.0.1 and 192.168.0.2) so that clients using 192.168.0.1 as default router are natted via 1.1.1.1 while clients using 192.168.0.2 as default routerare natted via 2.2.2.2

Is this config possible and how ?

Thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to rizwanr74

‎10-15-2013 11:11 PM

Hi Rizwan,

Mau is talking about inside secondary address not outside one and so the example youprovided is not correct.

As I already replied :

he divides its hosts into 2 pools in DHCP with each a different default gateway and then he configures 2 NAT ACLs(one for each pool) and 2 corresponding NAT overload statements.

The VRF solution I thought of is surely not a valid solution after careful thinking 

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
rizwanr74
Level 7
Level 7

‎10-14-2013 07:03 PM

Hi Mau,

Please follow the config.

interface FastEthernet0/0

ip address 1.1.1.1 255.255.255.255

ip nat outside

interface FastEthernet0/1

ip address 192.168.0.10 255.255.255.0

ip nat inside

!

access-list 101 permit ip host 192.168.0.1 any

access-list 102 permit ip host 192.168.0.2 any

ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source list 102 2.2.2.2 overload

Please make sure you have a defautl route in place on your router.

thanks

Rizwan Rafeek

0 Helpful

Go to solution
maudam000
Level 1
Level 1
In response to rizwanr74

‎10-15-2013 01:43 AM

Hi Rizwan and thanks for your answer.

On my cisco 800 i can't assign an ip address to fastethernet(s)

# (config-if)#ip address 1.1.1.1 255.255.255.240

% IP addresses may not be configured on L2 links.

Maybe do i need to assign them to loopbacks ?

Thanks

Mau

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to maudam000

‎10-15-2013 02:10 AM

Hi,

This is normal behavior, a layer 2 port(switchport) can't be configured with an IP address, you have to configure a vlan interface and give it an IP address.

Now concerning your original problem as your 2 IPs on the router will be on same interface( using secondary address),you'll have to split your network in half( one half using the primary address and the other half using the secondary address).The other solution I can think of right now would be using VRF Lite( so any host can use any IP as default gateway and you should be able to achieve what you want).

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
rizwanr74
Level 7
Level 7
In response to maudam000

‎10-15-2013 05:58 PM

Hi Mau,

On Cisco 800 router, you should be able to find a standalone single port WAN interface, under that port you should be able to assign multiple sub secondary addresses as many as you want to.  Please stick to actual subnet mask given for those ip addresses by your ISP.

interface Ethernet0

ip address 1.1.1.1 255.255.255.255 secondary

ip address 2.2.2.2 255.255.255.240

access-list 101 permit ip host 192.168.0.1 any

access-list 102 permit ip host 192.168.0.2 any

ip nat inside source list 101 1.1.1.1 overload

ip nat inside source list 102 2.2.2.2 overload

Hope this helps.

thanks

Rizwan Rafeek.



0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to rizwanr74

‎10-15-2013 11:11 PM

Hi Rizwan,

Mau is talking about inside secondary address not outside one and so the example youprovided is not correct.

As I already replied :

he divides its hosts into 2 pools in DHCP with each a different default gateway and then he configures 2 NAT ACLs(one for each pool) and 2 corresponding NAT overload statements.

The VRF solution I thought of is surely not a valid solution after careful thinking 

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
maudam000
Level 1
Level 1
In response to cadet alain

‎10-17-2013 07:19 AM

Hi,

thanks for your answers.

Rizwan your solution is not what i was asking for.

Alain thanks for the ansewer even if it is unuseful.

As far as i can see the only way to achive my target is to add an additional router which will be the second NAT router so, the first will perform nat on 1.1.1.1 and the second on 2.2.2.2.

I imagined this solution:

Loop10 192.168.0.1  (nat inside 1)

Loop11 192.168.0.2  (nat inside 2)

Dialer0 1.1.1.1 (nat outside 1)

Loop0 2.2.2.2 (nat outside 2)

Ethernet unnumbered

but i was wrong thinking a router can perform a dual independent NAT on address assigned to loopback interfaces.

Thanks again

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card