NAT & Real IP's

[tkoehn]

I have looked and looked and can't find an answer so I come to you all for
some help.

We have a Cisco 2621 router and need to have it do NAT. However we also
have REAL IP's on the same physical LAN.

Currently we have a computer doing NAT and would like to replace the
computer with a router eliminating moving part problems. We also have REAL
IP's on the same physical LAN that comes out of the Cisco 2621. All
traffic after the NAT is sent out through the same Cisco 2621.



Questions:
----------------

On the Cisco 2621 router is it possible to have NAT and Real IP's passing
through the two Ethernet interfaces at the same time?

Once NAT is enabled is everything passing through translated?

Do I need a separate Ethernet interface to do the real IP's?

Any help or suggestions would be greatly appreciated.

 

[davidarndt]

I'm pretty sure you can do all you want by giving two IP addresses to the Ethernet port - one on the private network and one on the public. Make it NAT inside and make sure your access list covers both the private and public network segments on that port.

 

[jeter]

Davidarndt is on the right track!!! Heres a sample config you may be able to learn from.


interface Ethernet0/0
ip address 208.189.163.30 255.255.255.224 secondary
ip address 192.168.1.8 255.255.255.0
ip nat inside
full-duplex
!
interface Serial0/0
description NV.QEDA.240209
bandwidth 1544
no ip address
encapsulation frame-relay
no ip mroute-cache
no fair-queue
service-module t1 timeslots 1-24
cdp enable
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
description FRAME-RELAY TO INTERNET
bandwidth 1544
frame-relay interface-dlci 22 IETF
!
interface Serial0/0.2 point-to-point
frame-relay interface-dlci 23 IETF
!
interface Serial0/0.3 point-to-point
ip address 208.2.161.81 255.255.255.252
ip nat outside
frame-relay interface-dlci 200 IETF
!
interface Serial0/0.4 point-to-point
frame-relay interface-dlci 202 IETF
!
router eigrp 1
network 192.168.1.0
no auto-summary
no eigrp log-neighbor-changes
!
ip default-gateway 208.2.161.80
ip nat inside source static 192.168.1.55 208.169.183.5
ip nat inside source static 192.168.1.54 208.169.183.4
ip nat inside source static 192.168.1.53 208.169.183.3
ip nat inside source static 192.168.1.52 208.169.183.2
ip nat inside source static 192.168.1.51 208.169.183.1
ip classless
ip route 0.0.0.0 0.0.0.0 208.2.168.80


I hope this helps, Good Luck !!! Jeter@LasVegas.com
J.Fisher CCNA

 

[tkoehn]

If I understand this right this statement:

ip nat inside source static 192.168.1.55 208.169.183.5

Says that the NAT IP of 192.168.1.55 is also the same as 208.169.183.5 correct? So If I were to ping 208.169.183.5 I would be pinging 192.168.1.55 on the inside?

If so. Then I mis lead you....

I need to have the NAT but at the same time on the same interface have a completely different class c route through the router. So in your examples I would need to have the ip addresses 208.189.163.30 255.255.255.224 pass right on through with out any NATing. Can I do that? What would the example be?

Thanks...
tkoehn

 

[davidarndt]

That's why you have the secondary IP address for the Ethernet port. It will happily route those addresses on the .189 segment normally.

The private addresses covered by static NAT will be routed as their alias public addresses.

If you don't need a one-to-one correspondence between inside and outside (translated) addresses, then you could just use an access list that included the entire range of private addresses and use a pool of public addresses (or even a single public address using the OVERLOAD method) to dynamically translate the private addresses to public.

 

[PaulADS]

I'm looking for info on using PC anywhere from a remote client thru a Cisco 1605 Router running NAT. I'm assuming I have to have a ststic IP for the host system(pcanywhere) And possibly use ip forwarding to go from a specific port on the router to the ip of the host pc anywhere system. Does anyone have any sample configs, or comments.
Thanks PaulADS