I have a 7301 router that talks to a 7604 router via a public WAN interface. Behind the 7301 is a private network (dot1q). This private network makes its way over the WAN link to the 7604, and there its routed to an appliance that NATs it.
I want to see if its possible to NAT right at the 7301. The 7301 already routes out perfectly over its WAN interface.
Its kind of a weird config, so here are the key interfaces on the
7301:interface Loopback0 ip address 172.17.0.8 255.255.255.255 ! interface GigabitEthernet0/0 ip address 206.252.161.9 255.255.255.252 ! interface FastEthernet1/0 description Cisco 2955 no ip address ! interface FastEthernet1/0.2 description MGMT_VLAN2 encapsulation dot1Q 2 ip address 172.17.24.1 255.255.252.0 ! interface FastEthernet1/0.200 description Client Network Vlan 200 encapsulation dot1Q 200 ip address 10.10.128.1 255.255.224.0 ! ip route 0.0.0.0 0.0.0.0 206.252.161.10 250
Fe1/0 goes to a Cisco 2955. That device is where all the Vlan 2 devices are connected (172.X). The Vlan 2 devices are Wireless access points. Vlan 2 is the outside interface, the inside network of these Wifi AP's is Vlan 200 (10.10.X). All the clients have IPs like
10.10.128.8, and 10.10.129.56, and so on.I would like to ip nat the 10.10.128.X to a public address right on the 7301. The only available public IP address I have is the
206.252.161.9 which is assigned to Gi0/0. Is it possible to NAT out using the ip address assigned to this interface. The examples I see online always have a special pool.My initial thoughts were to simply apply "ip nat inside" to the Fe1/0.200, then apply "ip nat outside" to the Gi0/0. But I'm not sure what to use for my "ip nat" command in global config - especially since I am unsure if the one IP address is enough?