NAT and Public IP on same interface?

[ryezak]

Is this config even allowed in cisco land? I have deployed it but we are having many TCP port issues.
I have a network 64.x.x.x/26 block of public IPs from ISP.
I have a private NAT'd network 192.168.1.1

I have an 1841 with Fa0/0 facing the ISP in its own /30 net.
Fa0/1 has 192.168.1.1 and 64.x.x.x as secondary address using the first available IP in my block. This port is configured as the nat inside source

Is it allow to have NAT and routing of an ip on the same interface?
I am having weird TCP port issues.


interface FastEthernet0/0
ip address 62.x.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly
speed 10
full-duplex
!
interface FastEthernet0/1
ip address 64.x.x.x 255.255.255.192 secondary
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 62.x.x.x (ISP router IP)
!

ip nat inside source list outsideNAT int Fa0/0 overload

Thanks

 

[mahlad29]

The answer is yes, but why do you have the public and private on the same interface?

What does the acl looklike for the nat list.

 

[ryezak]

Reason is I only have 2 interfaces on this router.
The ISP has asked to put a pub IP /30 (not in my usable block) on fa0/0. Then I put in a static route to forward all traffic to there provided gateway network.
THis is where the prob arose. I have 192.168.1.X net to nat'd and from the same interface the pub 64.X.x.x/26 network to route. I seem to be having issues with ports and wondered if it was because of my config.

here is the nat acl:
ip access-list extended outsideNAT
permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list outsideNAT interface FastEthernet0/0 overload

 

[mahlad29]

Im pretty sure the 64 net needs to be secondary on the external int. Not internal.

Dont worry. a senior should be by to elaborate.

 

[unclerico]

don't you have a firewall behind the router??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[ryezak]

This is just the gateway router with about 60 users behind it.
Trying to figure out the best way to program the interfaces to have the 192 and the 64 network. Right now it is working but I am having TCP port issues. I look in the Nat translations and they seem to be doing there job but it is strange that some of my public ips the tcp ports are not working when i know I have the server operating on that specific port.
I guess it might be the ISP as well.
Any thoughts on this config if it looks proper?

 

[ChrisAC]

I don't understand what you have a public /26 but you are just NATing traffic to the outside /30 address! What you need there is a firewall which would handle all your NAT, *or*, put the public /26 on a loopback interface and then just have the internal range on your Fa0/1 interface, NATing your traffic to your public IP address on LoopbackX.

Do you even need that /26??

Chris.



**********************
Chris A.C, CCNA, CCSA
**********************