Allocating External Addresses Dynamically

Problem

You want to dynamically select addresses from a pool.

Solution

You can configure the router to automatically select global addresses from a pool as they are required:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 15 permit 192.168.0.0 0.0.255.255
Router(config)#ip nat pool NATPOOL 172.16.1.100 172.16.1.150 netmask 255.255.255.0
Router(config)#ip nat inside source list 15 pool NATPOOL
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface FastEthernet 0/1
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface Ethernet1/0
Router(config-if)#ip address 172.16.1.2 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#end
Router#

 

Discussion

This example is similar to Recipe 21.1. The important functional difference is that the internal devices will appear on the outside with different global addresses. The first internal device that makes an outbound connection will get the first address in the range, 172.16.1.100, the next one will get the next address, 172.16.1.101, and so forth.

You configure the range with the ip nat pool command:

Router(config)#ip nat pool NATPOOL 172.16.1.100 172.16.1.150 netmask 255.255.255.0
Router(config)#ip nat inside source list 15 pool NATPOOL

In this case, the ip nat inside command does not have the overload keyword. Without this keyword, when the pool of addresses is used up, the router will respond to any additional requests with an ICMP host unreachable message. So once all of the addresses in the poll are in use, any additional devices that try to make any connections through this router will simply fail. But if you include the overload keyword, the router will simply start over at the beginning of the range and allocate multiple interior addresses for each external one:

Router(config)#ip nat inside source list 15 pool NATPOOL overload

Once again, as in Recipe 21.1, any devices that are excluded by the access-list will simply not use this NAT rule. So the excluded devices will appear on the outside with their real (inside local) IP addresses.

Note that in this example, the IP address of the external interface is 172.16.1.2/24, and the pool of translation external addresses for use in translation is 172.16.1.100 tHRough 172.16.1.150. So the pool of NAT addresses is part of the same IP subnet as the external IP address of the NAT router. This is a common practice for Internet connections where the ISP assigns a range of global addresses. But it is not necessary.

Your NAT pool can be anything, as long as the external network knows that this router can route to the NAT addresses. This is particularly useful in cases when you need a larger pool than what is available in that one subnet. For an extreme example, we could easily have made our NAT pool span the entire range 10.0.0.0/8 to give us access to a huge number of external addresses. Of course, this range is not globally unique, so it can't be used on the public Internet:

Router(config)#ip nat pool NATPOOL 10.0.0.1 10.255.255.254 netmask 255.0.0.0

 

See Also

Recipe 21.1

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net