5 Replies Latest reply: Aug 25, 2012 7:47 AM by cammy RSS

    NAT Pool Addresses and IP address of outside interface?


      Hello All,


      I'm reviewing the CCNA Skills Review Topology from, "31 Days Before Your CCNA Exam," and I need clarification concerning:


      The book has an NAT outside interface leading to an ISP using PPP with an pool of addresses from: -

      However, the IP address of the outside interface is:

      Is this possible?  How is it, that the IP address on the interface, can reside in an different subnet, than the NAT Pool of addresses on the same interface?  Is IOS intelligent enough to handle this? How does the ISP router, "route" data to an interface with more than one subnet hanging-off of it?



        • 1. Re: NAT Pool Addresses and IP address of outside interface?

          Hi Vlan


          This is a guess sometimes you can ask an ISP for a fixed static pool. You get the normal IP address in one range and a group in another.

          Since you are NATing your source address the ISP recognises it from your paid pool and will send traffic back to the normal interface.

          This is a guess it could also be a typing error.


          Regards Conwyn

          • 2. Re: NAT Pool Addresses and IP address of outside interface?
            Chris Buscemi

            The ISP router would route the packets the same way that any router would. By that, I mean a router can have routes to several different subnets all pointing to the same router, some of which may be connected to that router, others may not.


            The ISP's router would just have to know that all of those IP addresses are to be routed to the interface configured on the router. The router that is running NAT would then just do the appropriate translating.


            I could be wrong, but you should be able to use any pool of NAT addresses, regardless of the configured address on the interface, as long as all of the addresses in the pool are good public addresses. And, like Conwyn said, that is all between you and the ISP.




            • 3. Re: NAT Pool Addresses and IP address of outside interface?
              Paul Stewart  -  CCIE Security



              If the ip address pool is a shared space with the outside interface, the ISP will share the route information with the interface.  For example, if the outside address could and the pool happened to be, and the  gateway at the ISP could be  Then the ISP would see anything at 1.1.1.x as directly connected to that router and would distribute that route within their infrastructure.  If this happens to be an ethernet interface, it will arp for each IP address and receive a value for the outside MAC address.


              If the IP address pool is separate from the interface address space, the ISP will simply route anything to the address space of the pool to the IP address assigned to the interface.  In either case, the router doesn't care because this only has to do with how the packets are framed at layer 2.  The frames make it to the router based on being framed at layer to for the destination of the outside interface (in either case).  The NAT process will do the address manipulation as it is received at the interface with the "ip nat outside" statement.  This is a difficult concept to explain, but the fact that you asked the question shows that you understand some quite important concepts.

              • 4. Re: NAT Pool Addresses and IP address of outside interface?

                Hi Chris,


                Thanks for clarifying my stupidity!  I'm having an Homer Simpson moment...DOH!  You're absolutely correct, as long as the ISP router has routes to those networks associated with an interface or next hop, routing will happen.  In this case, the ip classless(on by default), and no auto-summary(on by default since 12.2(8)T would come into play.




                Thank you as well for your answer!




                Thank you as well, and I appreciate the level of detail!

                • 5. Re: NAT Pool Addresses and IP address of outside interface?

                  Thanks for posting this.  I was looking at a similar NAT example and wondering how it could possibly work.