Cisco 1720 NAT need 3 segments with 2 interfaces

shenmue2

Technical User
Apr 29, 2003
2
US
Greetings,

I have a Cisco 1720 on which I would like to run NAT - the only thing is that I only have two interfaces: one serial interface that communicates with the ISP, and the Ethernet interface, which has the public IP range. I want to know how to make a private IP NAT, but is this possible with two interfaces without eliminating either of the current segments? I need the public range, since it is required to connect to the ISP's DNS server.

Can someone please help?

-Shenmue2
-------------------------------Here is my non NAT config----
hostname Cisco1720
!
enable password
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
process-max-time 200
!
interface Serial0
description connected to Internet
ip address <IP REMOVED - ISP Serial IP>
no ip directed-broadcast
no keepalive
service-module t1 remote-alarm-enable
!
interface FastEthernet0
description connected to EthernetLAN
ip address <IP REMOVED - PUBLIC IPS>
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
snmp-server engineID local <removed>
snmp-server community public <removed>
!
line con 0
exec-timeout 0 0
password 7 <removed>
login
transport input none
line aux 0
line vty 0 4
password 7 <removed>
login
!
no scheduler allocate
end
 
Hi Shenmue2

You need to enable NAT on both interfaces

interface Serial0
ip nat outside

interface FastEthernet0
ip nat inside

ip nat inside source list 1 interface Serial0 overload

create access-list

access-list 1 permit any

This configuration should work fine.

Beggo

 
With NAT you do not need to keep the public IP on the Ethernet segment. You could use a private one, and NAT would translate it to the public address when accessing the Internet. Everything else is just as Beggo said.
 

Thanks Beggo - I tried your suggestions

Here's the config I ended up trying and it works to some degree - but then the clients intermittently cannot get out. Any ideas why?

-shenmue2
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1720
!
enable password 7 <omitted>
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
process-max-time 200
!
interface Serial0
description connected to Internet
ip address <serial ip – ISP/WAN>
no ip directed-broadcast
ip nat outside
no keepalive
service-module t1 remote-alarm-enable
!
interface FastEthernet0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0 secondary
ip address <public ip>
no ip directed-broadcast
ip nat inside
!
ip nat pool ovrld <1 of the public ips> <1 of the public ips> <subnet>
ip nat inside source list 7 pool ovrld overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
access-list 7 permit 192.168.1.0 0.0.0.254
snmp-server engineID local <omitted>
snmp-server community public <omitted>
!
line con 0
exec-timeout 0 0
password 7 <omitted>
login
transport input none
line aux 0
line vty 0 4
password 7 <omitted>
login
!
no scheduler allocate
end
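
An added example, not part of the thread: a small Python check of which inside addresses a standard `access-list ... permit <base> <wildcard>` line selects for NAT under IOS wildcard semantics (1 bits in the wildcard are ignored), run over the `192.168.1.0 0.0.0.254` pair from the config above and the full-subnet wildcard for comparison. The host addresses and function names are constructed for illustration.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def acl_matches(addr, base, wildcard):
    """IOS wildcard match: 1 bits in the wildcard are ignored,
    0 bits must equal the corresponding bit of the base address."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def is_contiguous_wildcard(wildcard):
    """True when the wildcard is a plain inverted netmask (0...01...1)."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0

def subnet_wildcard(network):
    """Wildcard mask that covers every address in the given subnet."""
    return str(ipaddress.IPv4Network(network).hostmask)

def selected_for_nat(hosts, base, wildcard):
    """Hosts the 'permit' line matches, i.e. the ones NAT will translate."""
    return [h for h in hosts if acl_matches(h, base, wildcard)]

# Constructed sample addresses (not from the thread): four LAN clients
# on the 192.168.1.0/24 secondary subnet and one address outside it.
SAMPLE_HOSTS = ["192.168.1.10", "192.168.1.11", "192.168.1.20",
                "192.168.1.21", "192.168.2.10"]

if __name__ == "__main__":
    for wc in ("0.0.0.254", subnet_wildcard("192.168.1.0/24")):
        hits = selected_for_nat(SAMPLE_HOSTS, "192.168.1.0", wc)
        print(f"wildcard {wc:<10} contiguous={is_contiguous_wildcard(wc)} "
              f"matches={hits}")
```

With the wildcard `0.0.0.254` only addresses whose last octet is even match the permit line; the inverted /24 mask `0.0.0.255` matches every host in 192.168.1.0/24.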
 