Specify Outbound External IP with a Cisco Router

With most simple configurations, the public IP for outbound traffic is the IP of the external interface. This is not always desirable: different departments or VLANs (e.g., guest VLANs) may need to exit the network through another public IP address, one which may not have its own interface, for example an IP provided as a framed route by the ISP.

I use the following two methods to accomplish this, one involving a NAT pool, the other using a Loopback interface.

For these examples, we will be assuming the internal subnet is and the external IP

Common to both methods, an ACL needs to be created for NAT Overload.

ip access-list extended nat.overload.guests
 remark --- deny nat for private addresses ---
 deny   ip
 deny   ip
 deny   ip
 deny   ip
 remark --- permit other traffic ---
 permit ip any

Using a NAT Pool

While this is my preferred method, it does have a caveat. As there is no interface which has the external IP assigned, pings to the IP will result in a TTL expiry.

The first step is to create the NAT pool. I typically use the IP address for the pool name. The NAT pool prefix length should be set to the actual prefix length assigned by the ISP/provider.

ip nat pool nat-pool-1-1-1-1 prefix-length 29

Create the NAT Overload statement

ip nat inside source list nat.overload.guests pool nat-pool-1-1-1-1 overload

That’s it, now all outbound traffic from the subnet will be translated to the external IP.

Using a Loopback Interface

Create the interface and assign it the public IP address

interface Loopback0
 ip address
 ip nat outside
 ip virtual-reassembly in

Create the NAT Overload statement

ip nat inside source list nat.overload.guests interface Loopback0 overload
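
Both methods depend on the NAT statement naming an ACL, pool or interface that actually exists in the configuration. The following is an added example, not part of the original post: a small Python check that reads a saved running-config and reports NAT overload statements whose references do not resolve. The sample config and its addresses are constructed, and the check assumes full interface names as they appear in a running-config.

```python
import re

# Constructed sample config; the addresses are placeholders, not values from the post.
SAMPLE_CONFIG = """\
ip access-list extended nat.overload.guests
 permit ip 192.168.50.0 0.0.0.255 any
interface Loopback0
 ip address 203.0.113.10 255.255.255.255
 ip nat outside
ip nat inside source list nat.overload.guests interface Loopback10 overload
"""

NAT_RULE = re.compile(
    r"^ip nat inside source list (\S+) (pool|interface) (\S+)(?: (overload))?\s*$")

def audit_nat(config):
    """Return a list of problems found in 'ip nat inside source list' statements."""
    acls, pools, interfaces, rules = set(), set(), set(), []
    for line in config.splitlines():
        if line.startswith(" "):
            continue  # sub-commands of an ACL or interface define nothing new
        words = line.split()
        if line.startswith("ip access-list ") and len(words) >= 4:
            acls.add(words[3])            # named ACL
        elif words[:1] == ["access-list"] and len(words) >= 2:
            acls.add(words[1])            # numbered ACL
        elif line.startswith("ip nat pool ") and len(words) >= 4:
            pools.add(words[3])
        elif words[:1] == ["interface"] and len(words) >= 2:
            interfaces.add(words[1].lower())
        else:
            m = NAT_RULE.match(line)
            if m:
                rules.append(m.groups())
    problems = []
    for acl, kind, target, overload in rules:
        if acl not in acls:
            problems.append(f"ACL {acl} is not defined")
        if kind == "pool" and target not in pools:
            problems.append(f"pool {target} is not defined")
        if kind == "interface" and target.lower() not in interfaces:
            problems.append(f"interface {target} is not defined")
        if overload is None:
            problems.append(f"rule for {target} has no 'overload' keyword")
    return problems

if __name__ == "__main__":
    for problem in audit_nat(SAMPLE_CONFIG):
        print(problem)
```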