Specify Outbound External IP with a Cisco Router
Posted on April 26, 2015 and tagged as cisco, networking
With most simple configurations, the public IP for outbound traffic is the IP of the external interface. Sometimes this is not desirable, as different departments or VLANs (e.g., guest VLANs) may need to exit the network through another public IP address, one which may not have its own interface, for example an IP provided as a framed route by the ISP.
I use the following two methods to accomplish this, one involving a NAT pool, the other using a Loopback interface.
For these examples, we will be assuming the internal subnet is 10.10.15.0/24 and the external IP 1.1.1.1/29.
Common to both methods, an ACL needs to be created for NAT Overload.
ip access-list extended nat.overload.guests
 remark --- deny nat for private addresses ---
 deny ip 10.10.15.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny ip 10.10.15.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny ip 10.10.15.0 0.0.0.255 172.16.32.0 0.0.0.255
 deny ip 10.10.15.0 0.0.0.255 192.168.0.0 0.0.255.255
 remark --- permit other traffic ---
 permit ip 10.10.15.0 0.0.0.255 any
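To check which guest flows this ACL hands to NAT before applying it, the following added example (not part of the original post) evaluates the entries with IOS wildcard-mask and first-match semantics and flags entries that an earlier entry already covers. The host 10.10.15.20 and the destination 8.8.8.8 are constructed sample values; in a NAT ACL, a deny means the packet is left untranslated, not dropped.

```python
import ipaddress
# ACL entries copied from this page (remark lines left out).
ACL = """\
deny ip 10.10.15.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 10.10.15.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 10.10.15.0 0.0.0.255 172.16.32.0 0.0.0.255
deny ip 10.10.15.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 10.10.15.0 0.0.0.255 any
"""
ALL = 0xFFFFFFFF

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_acl(text):
    """Parse 'action ip <src> <dst>' lines into (action, src, dst) tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "remark":
            continue
        action, rest, specs = tok[0], tok[2:], []   # tok[1] is the protocol
        while rest:                                 # 'any' or 'base wildcard'
            n = 1 if rest[0] == "any" else 2
            specs.append((0, ALL) if n == 1 else (ip(rest[0]), ip(rest[1])))
            rest = rest[n:]
        entries.append((action, specs[0], specs[1]))
    return entries

def matches(addr, spec):  # a wildcard bit of 1 means "don't care"
    return (ip(addr) ^ spec[0]) & ~spec[1] & ALL == 0

def nat_decision(entries, src, dst):
    """First match wins. Returns (action, entry number); 0 = implicit deny."""
    for n, (action, s, d) in enumerate(entries, 1):
        if matches(src, s) and matches(dst, d):
            return action, n
    return "deny", 0

def covers(a, b):  # True if every address spec b matches is also matched by a
    return b[1] & ~a[1] & ALL == 0 and (a[0] ^ b[0]) & ~a[1] & ALL == 0

def shadowed(entries):  # entry numbers fully covered by an earlier entry
    return [j + 1 for j, (_, s, d) in enumerate(entries)
            if any(covers(s1, s) and covers(d1, d) for _, s1, d1 in entries[:j])]

if __name__ == "__main__":
    acl = parse_acl(ACL)
    print(nat_decision(acl, "10.10.15.20", "8.8.8.8"), shadowed(acl))
```

On the ACL above, it reports entry 3 (172.16.32.0 0.0.0.255) as already covered by the 172.16.0.0 0.15.255.255 entry before it, so that line never matches.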
Using a NAT Pool
While this is my preferred method, it does have a caveat: because no interface has the external IP assigned, pings to the IP will result in a TTL expiry.
The first step is to create the NAT pool; I typically use the IP address for the pool name. The NAT pool prefix length should be set to the actual prefix length assigned by the ISP/provider.
ip nat pool nat-pool-1-1-1-1 1.1.1.1 1.1.1.1 prefix-length 29
Create the NAT Overload statement
ip nat inside source list nat.overload.guests pool nat-pool-1-1-1-1 overload
That’s it, now all outbound traffic from the 10.10.15.0/24 subnet will be translated to the 1.1.1.1 external IP.
Using a Loopback Interface
Create the interface and assign it the public IP address
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip nat outside
 ip virtual-reassembly in
Create the NAT Overload statement
ip nat inside source list nat.overload.guests interface Loopback0 overload