| beenframed 2001-04-19, 12:11 pm |
| Hey ya,
Our ISP originally gave us 4 public IPs. I have since used them all and requested another block of IPs from the ISP. They gave me another block of addresses, but they are not contiguous with my current block. What do I need to do in order to use these addresses with my current NAT configuration?
thanks,
BF | |
| Tommy 2001-04-19, 12:23 pm |
| Try adding a NAT translation with the new address to one of your local IPs and see if it works. I think the main thing is that your ISP has a route in their router sending all traffic for those IPs to your router. I think it should work anyway; maybe I am wrong. | |
| MadChef 2001-04-19, 2:29 pm |
| On what device are you configuring NAT?
On a pix you can simply add another global statement with the same ID and it'll work fine.
On a router I believe you can add another range to the same pool name, though this seems hazy to me so it's likely wrong.
MadChef | |
| Stickman 2001-04-19, 5:59 pm |
| I would agree with MadChef and create a second ip nat pool and create an access-list statement. My question to myself is: do you associate the ip nat pool (name) with the previous nat pool, or do you make a new ip nat pool (name)?
One question to think about is: are you going to apply static NAT or dynamic? For example, let's say you need to assign one of your new IPs to be configured on a web server. Then you will need to assign a static NAT entry. | |
| dmaftei 2001-04-19, 7:13 pm |
| AFAIK you cannot combine two disjoint blocks of addresses in one pool (the pool takes one netmask or one prefix, so the addresses will be contiguous). I'm wondering if the following is possible (I'll try it tomorrow, but maybe somebody knows already).
Let's say you have 172.16.0.0/16 in your intranet. Your two blocks of inside global are 201.1.1.4 through 201.1.1.7, and 202.2.2.4 through 202.1.1.7. You would have two pools:
ip nat pool twoohone 201.1.1.4 201.1.1.7 prefix-length 30
ip nat pool twoohtwo 202.1.1.4 202.1.1.7 netmask 255.255.255.252
and one access list that covers your intranet:
access-list 1 permit 172.16.0.0 0.0.255.255
IF the following is legal:
ip nat inside source list 1 pool twoohone
ip nat inside source list 1 pool twoohtwo
you're all set. But I do NOT know if it is... 
Anybody?! | |
| MadChef 2001-04-19, 7:36 pm |
| I was thinking something more in line with the way things are done on a Pix (which is where most of my NAT experience is, so I'm trying to extend that).
Could you do something like:
ip nat pool DELLBITES 201.11.1.4 201.1.1.7 prefix-length 30
ip nat pool DELLBITES 202.1.1.4 202.1.1.7 netmask 255.255.255.252
So basically you would have two ranges referenced in a single pool. Works on a pix and I would guess that it would work in IOS, but I haven't the time to try it out and can't see any reference to something like this on cco.
Lemme know.
MadChef | |
| dmaftei 2001-04-19, 7:57 pm |
| quote: Originally posted by MadChef
...and I would guess that it would work in IOS
I don't know about others, but I'll definitely try these two potential solutions tomorrow. I'll let you guys know how it's going.
Cheers! | |
| beenframed 2001-04-19, 9:11 pm |
| It's actually on a router, not a PIX, and all the addresses will be used for ip nat inside source static mappings, nothing dynamic. I have looked up and down Cisco's site and found nothing on configuring two pools of NAT from discontiguous blocks of addresses. They explain how to configure one address for dynamic PAT at the same time as configuring a static pool, but they don't say how I can go about configuring two pools. I am gonna try it in the morning. Hey, what's the worst that could happen!!!! | |
| MadChef 2001-04-20, 4:43 am |
| quote: Originally posted by beenframed
Hey what's the worst that could happen!!!!
Last time I said that I ended up with my rope tied to a rock hanging above my head, both ends of the rope were tangled in trees and everyone around was laughing at me.
But that probably won't happen in your case. Let us know how it goes.
MadChef | |
| dmaftei 2001-04-20, 3:06 pm |
| Neither
ip nat inside source list 1 pool twoohone
ip nat inside source list 1 pool twoohtwo
nor
ip nat pool DELLBITES 201.11.1.4 201.1.1.7 prefix-length 30
ip nat pool DELLBITES 202.1.1.4 202.1.1.7 netmask 255.255.255.252
works. It appears that list 1 (for "ip nat inside source"), and DELLBITES (for "ip nat pool") act like unique identifiers. As such, the second command replaces the first one, instead of appending to it. Too bad...
Other ideas?! | |
|
| Try adding a NAT translation with the new address to one of your local IPs and see if it works. I think the main thing is that your ISP has a route in their router sending all traffic for those IPs to your router. I think it should work anyway; maybe I am wrong.
Question: why would the above not work? If you are not overloading addresses then I don't think you need a pool. If you have inside and outside defined and the ISP has routes in his router pointing the addresses to your interface IP then it may work. | |
| Stickman 2001-04-20, 3:40 pm |
| Why can't you just have four ip nat outside source static commands?
ex: ip nat outside source static 206.10.10.1 171.68.16.5 | |
| dmaftei 2001-04-20, 6:05 pm |
| Hey beenframed,
Maybe you can split your intranet in two, have one half use the old block of four addresses, and the other half use the new block.
ip nat pool twoohone 201.1.1.4 201.1.1.7 prefix-length 30
ip nat pool twoohtwo 202.1.1.4 202.1.1.7 netmask 255.255.255.252
access-list 1 permit 172.16.0.0 0.0.127.255
access-list 2 permit 172.16.128.0 0.0.127.255
ip nat inside source list 1 pool twoohone
ip nat inside source list 2 pool twoohtwo
You think this would work? | |
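An added example, not part of the thread: a Python model of how the two standard access lists in the post above divide 172.16.0.0/16 between the two pools, using the usual wildcard-mask rule (bits set in the wildcard are ignored). The helper names are hypothetical, and the script says nothing about whether IOS accepts the configuration; it only checks that every inside address matches exactly one list.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Standard-ACL match: bits set in the wildcard are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Values copied from the post: ACL number -> (base, wildcard), the
# "ip nat inside source list N pool NAME" bindings, and the pool ranges.
ACLS = {1: ("172.16.0.0", "0.0.127.255"), 2: ("172.16.128.0", "0.0.127.255")}
BINDINGS = {1: "twoohone", 2: "twoohtwo"}
POOLS = {"twoohone": ("201.1.1.4", "201.1.1.7"),
         "twoohtwo": ("202.1.1.4", "202.1.1.7")}

def pools_for(addr):
    """Return every pool whose bound ACL permits this inside address."""
    return [BINDINGS[n] for n, (base, wc) in sorted(ACLS.items())
            if wildcard_match(addr, base, wc)]

def pool_size(name):
    """Number of inside-global addresses in the pool's start..end range."""
    start, end = (int(ipaddress.IPv4Address(x)) for x in POOLS[name])
    return end - start + 1

def check_partition(network):
    """Return the /24s of `network` not matched by exactly one ACL.

    One sample per /24 is enough here because both wildcards end in .255,
    so every host in a /24 matches the same lists.
    """
    bad = []
    for sub in ipaddress.ip_network(network).subnets(new_prefix=24):
        if len(pools_for(str(sub.network_address))) != 1:
            bad.append(str(sub))
    return bad

if __name__ == "__main__":
    for host in ("172.16.5.20", "172.16.127.255", "172.16.128.0", "10.0.0.1"):
        print(host, "->", pools_for(host) or "no NAT rule matches")
    print("gaps or overlaps:", check_partition("172.16.0.0/16") or "none")
    print({name: pool_size(name) for name in POOLS})
```

An empty result from `check_partition` means no inside subnet is left without a rule and none matches both lists. `pool_size` shows four addresses per pool, so without overload each half of the intranet has four translations available at a time.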
| MadChef 2001-04-21, 5:55 am |
| One of the best Cisco Press books I have is "Enhanced IP Services for Cisco Networks" by Donald Lee. On page 34 he mentions something that doesn't EXACTLY apply to your situation, but could possibly be made to work:
2509(config)#ip nat pool testpool prefix-length 24
2509(config-ipnat-pool)#address 171.69.1.1 171.69.1.4
2509(config-ipnat-pool)#address 171.69.1.6 171.69.1.10
I never realized that you could define a pool and then add addresses from within the pool like he did. With this ability, you should be able to get around the problems dmaftei just mentioned and mold the nat pool as you see fit. I don't have the resources to try it out, so maybe Dmaftei can and he could let us know how flexible this is in practice.
MadChef | |
| MadChef 2001-04-21, 6:14 am |
| quote: Originally posted by Tommy
Question: why would the above not work? If you are not overloading addresses then I don't think you need a pool. If you have inside and outside defined and the ISP has routes in his router pointing the addresses to your interface IP then it may work.
He could want NAT to be dynamic, even if he isn't overloading addresses.
Having the ISPs route the block back to him does him no good if he can't actually configure the block to be used in the NAT process. That's the whole trick here.
MadChef |