07-30-2013 08:03 AM - edited 03-04-2019 08:36 PM
I have a little difficulty with configuring NAT pool routing. I have 4 consecutive public addresses assigned to me. I used two on each end of a site-to-site connection, both are routers. There are two more public IPs left to be used for the NAT pool. In my EIGRP routing, I advertise the point-to-point network on both sides of routers. When I ping from one end host to another host in the other network, the packet was dropped by the routers. Are there any extra steps I need to configure in the routing to let the routers know where the packet should be sent?
Here is my sho run
Router1
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.252
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/3/0
 ip address 200.0.1.1 255.255.255.252
 ip nat outside
 clock rate 2000000
!
interface Serial0/3/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 1
 network 172.16.1.0 0.0.0.3
 network 200.0.1.0
 auto-summary
!
ip nat pool mypool 200.0.1.3 200.0.1.4 netmask 255.255.255.248
ip nat inside source list 100 pool mypool overload
ip classless
!
!
access-list 100 permit ip 172.16.10.0 0.0.0.255 any
access-list 100 permit ip 172.16.20.0 0.0.0.255 any
access-list 100 permit ip 172.16.30.0 0.0.0.255 any
!
Router2:
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial2/0
 ip address 200.0.1.2 255.255.255.252
!
interface Serial3/0
 no ip address
 clock rate 2000000
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
router eigrp 1
 network 192.168.1.0
 network 200.0.1.0
 auto-summary
!
ip classless
!
Thanks in advance!
07-30-2013 10:51 AM
Hi Grace,
there is actually one problem.
"In my EIGRP routing, I advertise the point-to-point network on both sides of routers."
Yes, you do. But that is only prefix 200.0.1.0 with mask of /30, where:
200.0.1.3 is broadcast address
200.0.1.4 is not even there!
R2 simply does not know:
if you execute the command:
R2#show ip route 200.0.1.4
% Subnet not in table
So, there is a solution, but let me ask you first - were you assigned only these IP addresses of 200.0.1.1 - 4 or some whole subnet? Like 200.0.1.0 /29? I think that 200.0.1.0 should also be in your possession - as the network address. If that is the case, I can show you one trick...
But right now, I have two solutions for you:
Create loopback on R1 and advertise it through EIGRP to R2:
R1(config)#int lo0
Let me know how you decided.
Best regards,
Jan
07-30-2013 12:06 PM
Hi! Jan:
Thank you so much for your help! I am going to change the NAT design. I will not use a NAT pool, but use interface overload. That will solve the routing problem. Since I need to let people have access to resources in the private network from the public internet, I might as well save the public IPs for later.
Now I have more questions: how do I map my internal servers, which were assigned private IPs, to the outside world? Static NAT? If I use /32 for my point-to-point network, I already wasted 200.0.1.3, which I cannot use anymore.
Thanks again!
Grace
07-30-2013 12:21 PM
Hi Grace!
You're welcome!
Just to not make any hasty decisions - I would like to know if you have the 200.0.1.0 address in your possession as well (you should have, as it is now the network address of the link between R1-R2, but you mentioned that you have only addresses 200.0.1.1 through 200.0.1.4). In that case, there is a little trick that could be used on point-to-point interfaces. You can actually use a /31 mask instead of /30 (thus not wasting any address for network address and broadcast address). Please tell me precisely what range of addresses the ISP has given you.
Also, what do you use R2 for? I am thinking, why is there public IP on the interface between R1 and R2. Is R2 your connection point towards the ISP?
As for the internal servers - we should first redesign the IP addressing/NAT scheme and then do this. But yes, you will need static nat.
For example: R1(config)#ip nat inside source static YOUR_PRIVATE_ADDRESS 200.0.1.4
How many internal servers do you have? If we would make use of /31 mask, then you could use 3 IP addresses 200.0.1.2-4 for server assignment.
Best regards,
Jan
07-30-2013 01:04 PM
Hi! Jan:
Yes, I have public IP from 200.0.1.0 to 200.0.1.4. I have one HQ and three branch offices to set up. RT1 is HQ and RT2 is Branch1, and two more to go. I want to make one link working then copy that over to the other two.
I have two servers in HQ, one outward facing and one inward facing, may need more inward servers later, now is only two.
I want to connect each branch to HQ through VPN; each branch has its internet access. Now each office has less than 20 hosts, for now. All users want to have access from all offices and from home as well.
This is the basic big picture. I just do not want to waste any public IP I have now. If I need more, I can ask for more. I would like to keep the cost down as much as I can.
Do I have enough public IPs? What should I do?
Thanks again!
Grace
07-30-2013 01:32 PM
Hi Grace,
that's wonderful. So you could use /31 masks on point-to-point interfaces. Like this:
R1
interface Serial0/3/0
ip address 200.0.1.0 255.255.255.254
R2
interface Serial2/0
ip address 200.0.1.1 255.255.255.254
That way, you used just 2 addresses instead of 4.
"Yes, I have public IP from 200.0.1.0 to 200.0.1.4. I have one HQ and three branch offices to set up. RT1 is HQ and RT2 is Branch1, and two more to go. I want to make one link working then copy that over to the other two."
So, you basically need 4 more addresses just to interconnect R1 and R3, R4 when using /31 mask, right?
"I have two servers in HQ, one outward facing and one inward facing, may need more inward servers later, now is only two."
I'm sorry, but what do you mean by outward/inward facing? Inward facing, like private for your company and outward facing, like connected to the internet?
"Do I have enough public IPs? What should I do?"
Right now, it seems like you don't have that much - if you want to make all those connections to branches via public addresses.
R1-R2
R1-R3
R1-R4
= 6 ip addresses
Let me know if I understand this correctly, please. Maybe you think something else, but this is the picture that I got.
Best regards,
Jan
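Added example, not part of the original posts and not a Cisco tool: a Python check that reads the `ip address` and `ip nat pool` lines posted in this thread and reports how a neighbor that knows only the connected subnet (the situation Jan describes for R2 in the 10:51 reply) sees each pool address, then applies the same check to the /31 link from the reply above. The function names are hypothetical.

```python
import ipaddress

# Lines copied from the configurations posted in this thread.
R1_CONFIG = """\
interface Serial0/3/0
 ip address 200.0.1.1 255.255.255.252
ip nat pool mypool 200.0.1.3 200.0.1.4 netmask 255.255.255.248
"""
P2P_31 = "interface Serial0/3/0\n ip address 200.0.1.0 255.255.255.254\n"

def connected_networks(config):
    """Subnets taken from 'ip address <addr> <mask>' lines."""
    nets = []
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) >= 4:
            nets.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
    return nets

def nat_pool(config):
    """Every address in the first 'ip nat pool <name> <first> <last>' range."""
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["ip", "nat", "pool"] and len(w) >= 6:
            first = ipaddress.ip_address(w[4])
            last = ipaddress.ip_address(w[5])
            return [first + i for i in range(int(last) - int(first) + 1)]
    return []

def classify(addr, nets):
    """How a neighbor that only has routes for 'nets' treats 'addr' (assumption)."""
    for net in nets:
        if addr in net:
            # A /31 point-to-point link reserves no network or broadcast address.
            if net.prefixlen < 31 and addr == net.network_address:
                return "network address"
            if net.prefixlen < 31 and addr == net.broadcast_address:
                return "broadcast address"
            return "usable host"
    return "not in any advertised subnet"

def audit(config):
    """Map each NAT pool address to its classification."""
    nets = connected_networks(config)
    return {str(a): classify(a, nets) for a in nat_pool(config)}

if __name__ == "__main__":
    for addr, verdict in audit(R1_CONFIG).items():
        print(f"{addr}: {verdict}")
```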
07-30-2013 01:48 PM
Hi! Jan:
Thanks a lot. I need to think this through. I need to get more public IP first.
Grace