[c-nsp] Configuration challenge with NAT

Frank Bulk frnkblk at iname.com
Fri Sep 25 00:23:00 EDT 2009


I have a customer who posed a NAT question that I didn't feel I optimally
answered.

They have a Cisco router (model is not relevant) with one serial WAN
interface (T-1) and one Ethernet interface.  On the WAN side they have a /29
network to the ISP.  They also received a /29 of public IPs for internal
use.  They have several servers and devices that they want to assign these
public IP addresses to.  They don't have a separate firewall/NAT device, but
want to give internet access to several dozen company PCs via NAT.

Is there a way to use VLANs on the Ethernet interface so that some of the
public IPs for internal use can be used by the customer's servers AND the
customer's PCs can NAT against either one of the remaining public IPs for
internal use or one of the remaining public WAN IPs?

i.e.:
Server 1 with public IP f.g.h.1--\
Server 2 with public IP f.g.h.2---\  VLAN 1 
Server 3 with public IP f.g.h.3----|
					     ==== customer router
a.b.c.e---T1---a.b.c.d ISP router----Internet
                                   |
           PCs with private IPs---/  VLAN 2 

Regards,

Frank



More information about the cisco-nsp mailing list