Cisco T1 DSU/CSU and subinterfacing 1

[Namekian]

I have 5 public IPs and only 2 Cisco T1 DSU/CSU
WAN Interface Card (WIC-1DSU-T1-V2) cards. I was wondering if I could create subinterfaces with the 2 cards to be able to use all 5 public IPs without getting more cards? I am using a Cisco 2600 router with no mangable switch.

 

[TravisM]

What are you really trying to accomplish here? If this is a frame relay circuit that is actually connected to several other sites, then you would indeed create a serial sub-interface, but honestly that doesn't have anything to do with the IP's.

I'm going to guess this is an Internet link, correct? If you're trying to use these IP's to expose resources to the internet, I would suggest using NAT. You can use NAT to have all outbound connections pooled into one IP address, and use the other 4 to statically map specific resources (i.e. mail server, web servers, etc) out to the internet via those IPs. You can expose the machines directly also sans NAT, but I probably wouldn't suggest doing that.

 

[Namekian]

Thanks for the response.
Well, it is off a T1 link, and this company has purchased 5 public addresses to use for various reasons. Mainly they want to be able to have all the servers run off one of one address. Also, this company logs into others for service and support. These other companies want the support people to have a static IP just to go to them. In short, this company wants to have there 5 public address tied to particular IP address. Now, I know that I can use NAT and such to group the certain IPs into one basically, but how would I make the two Cisco T1 DSU/CSU WAN Interface Card that I mentioned before, change their outgoing IP based on the internal IP wanting out?

 

[TravisM]

I'm not sure you can do many-to-one NAT inbound, one external IP = one internal IP, you would probably need another device in between for inbound access like that, if it's even possible.

If you want groups of IP's or devices to look like a specific IP when they go out, though, that's possible and you'd do it with a NAT pool. Let me see if I can give you a decent example of this, I'm sure I'm going to butcher it so if any of you guys out there can help me out, please do:

So first you have to set up the NAT pool. The IP address that you place here is going to be the IP that you want the people on the other side to see, and add the proper subnet mask

ip nat pool inet-pool aaa.bbb.ccc.ddd aaa.bbb.ccc.ddd netmask 255.255.255.0

This next command completes the setup of the pool

ip nat inside source route-map nat1 pool inet-pool overload

Here you have to create a route-map to catch the IP's you want.

route-map nat1 permit 10
match ip address 110


Now you create an ACL that has the private addresses that you want to catch and make use the external IP - Just add all of the IP's that you want to this ACL, and when they go out they'll use that IP

access-list 110 permit ip 192.168.1.100 255.255.255.0 any

Is this even close to what you're looking for?

You would create another NAT pool and another route-map and ACL for each of the different address and groups that you want to use.

 

[Namekian]

I will give that a try, it seems to be able to work. Thank you for your help. I have had only the basics of working with NAT. The only issue I see developing would be the speration and isolation of the ips, since I will have to have multiple IPs on each port.