You should be able to use your normal pool and overload command, eg ip nat inside source list 1 pool POOL overload,
You pool, for eg is 192.168.0.60->10.168.0.99, then the first 39 IP's would be used for NAT, and the last will be use for PAT =?iso-8859-1?q?ciscoGo2002?= wrote: > > Hello friends, > > Thankyou for your answeres, but I have more doubts: > > Config: > > ip nat inside source list 1 pool POOL overload > > If have understood your answers, the router start > doing PAT with the first IP address and doesn't takes > the next avalaible public IP address until PAT is > exhausted with the first IP address, right?? But if > this is the way it works I think we never use the rest > of the public IP's in the pool because there are not > enough clients to exhaust PAT with the first IP... I > think it will be much better if the router starts > doing PAT and after the pool is exhausted. > > I cannot do NAT 1:1 and reserve one public IP to do > PAT, because I don't want to give the same IP to a set > of clients and not to another... > > Is it really the way that "overlad" works inside a > pool??? Please, I am very curious... > > I don't have a router to play, so I cannot test > this on myself..... > > Thanks friends... > > > > Por favor, responda a "Adam" > Enviado por: [EMAIL PROTECTED] > Destinatarios: [EMAIL PROTECTED] > CC: > Asunto: Re: Re: PAT AFTER NAT...IS IT POSSIBLE??? > [7:66672 > > This is what I have run into in the past and I was > almost certain that it > was not possible. I set it up in the lab here with > various configs and had > the same result. > As far as I was told in the last routing update I > attended at our local > cisco office, the SE's there confirmed that the PIX > can be defined with a > NAT Pool of addresses and then have the same pool > statement entered only > this time specifying the same address (ie. PAT) as an > overload. They > confirmed that the IOS router code does not function > like this and that you > would have to statically NAT those addresses that you > wanted 1:1 on and then > have a blanket PAT (overload) statement in to cover > the rest. > In the case of the original question with wanting to > NAT 128 clients 1:1 and > then have PAT for the rest, this would require a lot > of configuration and to > guarantee that 1:1 would occur (or to at least keep > track of it) you would > require static IPs on the clients wishing to 1:1 NAT. > Hope I'm not flying way offline here but I believe > this is the only way > possible with an IOS router. > > Cheers > > > I've found that you cannot do this, at least not > when you do nat to a pool > > of addresses. You have to do static nat, then > overload the rest. I tried > > adding overload to the end of my existing nat > statment with the pool, it > > started PATing the addresses from the beginning. > Instead of using the 1:1 > > from the pool, then pating anything beyond that. > > > > ""Lee Carter"" wrote in message > > news:[EMAIL PROTECTED] > > > Yes you can just take your nat statement (ip nat > inside source list 1...) > > > and add the word overload on the end of the > command. > > > > > > You will use a 1:1 NAT for the first set of users. > Once your IP's are > used > > > up you will use PAT. It is important to note that > some issues arise with > > PAT > > > versus NAT like IPSEC or DLSW. > > > > > > just an fyi. > -- > Composed with Newz Crawler 1.3 > http://www.newzcrawler.com/ > [EMAIL PROTECTED] > > > ___________________________________________________ > Yahoo! Messenger - Nueva versisn GRATIS > Super Webcam, voz, caritas animadas, y mas... > http://messenger.yahoo.es > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66740&t=66734 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
