Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Dual NAT on multiple ip addresses on cisco 800

Hi,

i'm trying to figure out the configuration to obtain a dual nat routing.

I have 1 + 8 public ip addresses:

1.1.1.1 255.255.255.255

2.2.2.0 255.255.255.240

Now i would have 2 private ip addresses on the router (192.168.0.1 and 192.168.0.2) so that clients using 192.168.0.1 as default router are natted via 1.1.1.1 while clients using 192.168.0.2 as default routerare natted via 2.2.2.2

Is this config possible and how ?

Thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Dual NAT on multiple ip addresses on cisco 800

Hi Rizwan,

Mau is talking about inside secondary address not outside one and so the example youprovided is not correct.

As I already replied :

he divides its hosts into 2 pools in DHCP with each a different default gateway and then he configures 2 NAT ACLs(one for each pool) and 2 corresponding NAT overload statements.

The VRF solution I thought of is surely not a valid solution after careful thinking 

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
6 REPLIES

Dual NAT on multiple ip addresses on cisco 800

Hi Mau,

Please follow the config.

interface FastEthernet0/0

ip address 1.1.1.1 255.255.255.255

ip nat outside

interface FastEthernet0/1

ip address 192.168.0.10 255.255.255.0

ip nat inside

!

access-list 101 permit ip host 192.168.0.1 any

access-list 102 permit ip host 192.168.0.2 any

ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source list 102 2.2.2.2 overload

Please make sure you have a defautl route in place on your router.

thanks

Rizwan Rafeek

New Member

Dual NAT on multiple ip addresses on cisco 800

Hi Rizwan and thanks for your answer.

On my cisco 800 i can't assign an ip address to fastethernet(s)

# (config-if)#ip address 1.1.1.1 255.255.255.240

% IP addresses may not be configured on L2 links.

Maybe do i need to assign them to loopbacks ?

Thanks

Mau

Purple

Dual NAT on multiple ip addresses on cisco 800

Hi,

This is normal behavior, a layer 2 port(switchport) can't be configured with an IP address, you have to configure a vlan interface and give it an IP address.

Now concerning your original problem as your 2 IPs on the router will be on same interface( using secondary address),you'll have to split your network in half( one half using the primary address and the other half using the secondary address).The other solution I can think of right now would be using VRF Lite( so any host can use any IP as default gateway and you should be able to achieve what you want).

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Dual NAT on multiple ip addresses on cisco 800

Hi Mau,

On Cisco 800 router, you should be able to find a standalone single port WAN interface, under that port you should be able to assign multiple sub secondary addresses as many as you want to.  Please stick to actual subnet mask given for those ip addresses by your ISP.

interface Ethernet0

ip address 1.1.1.1 255.255.255.255 secondary

ip address 2.2.2.2 255.255.255.240

access-list 101 permit ip host 192.168.0.1 any

access-list 102 permit ip host 192.168.0.2 any

ip nat inside source list 101 1.1.1.1 overload

ip nat inside source list 102 2.2.2.2 overload

Hope this helps.

thanks

Rizwan Rafeek.



Purple

Dual NAT on multiple ip addresses on cisco 800

Hi Rizwan,

Mau is talking about inside secondary address not outside one and so the example youprovided is not correct.

As I already replied :

he divides its hosts into 2 pools in DHCP with each a different default gateway and then he configures 2 NAT ACLs(one for each pool) and 2 corresponding NAT overload statements.

The VRF solution I thought of is surely not a valid solution after careful thinking 

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Dual NAT on multiple ip addresses on cisco 800

Hi,

thanks for your answers.

Rizwan your solution is not what i was asking for.

Alain thanks for the ansewer even if it is unuseful.

As far as i can see the only way to achive my target is to add an additional router which will be the second NAT router so, the first will perform nat on 1.1.1.1 and the second on 2.2.2.2.

I imagined this solution:

Loop10 192.168.0.1  (nat inside 1)

Loop11 192.168.0.2  (nat inside 2)

Dialer0 1.1.1.1 (nat outside 1)

Loop0 2.2.2.2 (nat outside 2)

Ethernet unnumbered

but i was wrong thinking a router can perform a dual independent NAT on address assigned to loopback interfaces.

Thanks again

655
Views
0
Helpful
6
Replies
CreatePlease to create content