
One Router - many IPs

Status
Not open for further replies.

Namekian

IS-IT--Management
Nov 5, 2004
56
US
I have a Cisco 2600 router and am having major difficulty in setting it up. The problem is this, I have 2 ethernet ports and two wan ports on the router. I have one line coming from the wall. I have leased 5 public IPs from my ISP and all 5 need to be used.

The problem is this, I have a total of 13 private addresses that the router will need to handle, this can be changed if needed. How, if possible, can I set the ethernet ports to handle 7 different IPs all at once?

Subinterfaces don't seem to work, and I know you can create a secondary IP on each interface, but 4 IPs won't cut it. Also since I only have one line coming in, I will need to configure one of my wan ports to handle 5 different IPs. Any suggestions?
 
Why do you need to use all 5 IP addresses? You could just NAT all your LAN traffic out via one IP address.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Thanks for the response,

Well, the network will be doing quite a bit of VPNing, and some companies are demanding that we basically have an IP set aside to connect with them, one that doesn't do anything else. Plus this network has some servers that need to be on a different IP than the rest of the network.

Anyhow, I think I have found a solution. This isn't my first choice, but I can just create multiple secondary IPs on my interface and just really get nasty with NAT, Route-map, and ACLs.

If anyone can come up with a better solution, short of buying more equipment, please let me know.
 
You don't need to create secondary interfaces. Your external interface has the first IP address. You can then create NAT statements for any servers using the remaining addresses.

int serial0
ip address 111.111.111.111 255.255.255.248
ip nat outside
!
int fa0/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip nat inside source static 172.16.1.2 111.111.111.112 extendable

etc...

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
It isn't just servers. The network needs to be divided up into at least 7 different networks. All the servers are on one network using one external IP, there will be an ISA server to route to whatever box is being accessed, within that network.

And when I mean external interfaces I mean the WAN interfaces. They are set, and can only be set by one IP address, without using secondary IP address. So I wouldn't be able to static route what I need to unless it was set with secondaries.

Yes, I probably could just find a long-winded way of routing the individual IPs, all 101 of them, so that they would go out with a particular IP, but any other ACL I place on them would be a pain. I'd much rather keep them in separate networks.

With this those machines with the static address will only be able to get out using a certain IP.

Here is an example of how I did it. It seems to work, but if you, or anyone, have a better means let me know.

ip nat pool net-1 172.16.16.146 172.16.16.158 netmask 255.255.255.240
ip nat inside source route-map nat1 pool net-1 overload
ip nat inside source static 172.16.16.145 172.16.17.33
ip nat inside source static 172.16.17.33 3.3.3.3
ip access-list extended WORD
permit ip host 172.16.17.148 host 1.1.1.1
access-list 110 permit ip 172.16.16.144 255.255.255.0 any
route-map nat1 permit 1
match ip address 110

Yea, it seems rather redundant, what with doing this for all the static IPs I would be using, but it seemed to be the only way to do it.
 
I still don't really see why you need to create separate networks or what you are trying to achieve, but do whatever feels right for yourself.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
I can see where you are coming from, the separate networks are there just to make life easier for setting up DHCP, Domain server, and other security settings within the network.

However I think you have provided a way to make things easier. You wouldn't happen to know how to NAT a range of IPs using
ip nat inside source static 172.16.1.2 111.111.111.112 extendable
If I can do that then it wouldn't matter if they were on different networks or not.



 
Use the "ip nat pool WORD <first-ip> <last-ip>" command. When applied to an internal network the first host will get the first IP address, the second will get the next one etc, until you run out of IP addresses and so the remaining clients will be PATed to the last address.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
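
The per-network mapping this thread works toward, as an added example that is not taken from either poster's configuration: each inside network leaves through its own public address, so a partner that only accepts one dedicated source IP sees nothing but the hosts meant for it. The 203.0.113.8/29 block (documentation range), the inside subnets, the second FastEthernet port, and the pool names and ACL numbers are all assumptions made for illustration.

```cisco
! Constructed addressing: 203.0.113.8/29 stands in for the leased public block.
interface Serial0
 ip address 203.0.113.9 255.255.255.248
 ip nat outside
!
interface FastEthernet0/0
 description general users (assumed subnet)
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description hosts that connect to the VPN partner (assumed subnet)
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
!
! One single-address pool per inside network. With "overload" every host
! in the matching ACL is port-translated (PAT) behind that one address.
ip nat pool USERS   203.0.113.10 203.0.113.10 netmask 255.255.255.248
ip nat pool PARTNER 203.0.113.11 203.0.113.11 netmask 255.255.255.248
!
! Standard ACLs take a wildcard mask (0.0.0.255 = /24), not a subnet mask.
access-list 10 permit 172.16.1.0 0.0.0.255
access-list 11 permit 172.16.2.0 0.0.0.255
!
ip nat inside source list 10 pool USERS overload
ip nat inside source list 11 pool PARTNER overload
!
! One-to-one mapping for a published server; the static entry is used
! for this host instead of the dynamic PARTNER pool.
ip nat inside source static 172.16.2.10 203.0.113.12
```

`show ip nat translations` lists which inside address is currently mapped to which public address, and `show ip nat statistics` shows hits and misses per pool, which is enough to confirm that each network is leaving through the address intended for it.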
 