Page 390

364 Chapter 11: Scaling IP Addresses with NAT

It would also be possible to use different portions of the Class C address for the lawyers
and those that could use the Internet and then translate only that group of addresses. An
access list could be placed on the outbound side of the serial port to block all nontranslated
addresses. Although this would be easier to accomplish from a CPU perspective than
would the previously discussed solution, either way would work.

Scenario 11-2 Answers

To allow translation of the new addresses, additional match criteria can be added to the
NAT translation access list. This scenario is simply an addition of more addresses for
translation. Because the companies were not using the same address space, nothing else
need be done.

The following NAT configuration could be used:

access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.22.0 0.0.0.255
access-list 1 permit 192.168.33.0 0.0.0.255

ip nat pool bigpool 103.112.8.30 103.112.8.30 netmask 255.255.255.0
ip nat inside source list 1 pool bigpool overload

!declare inside interface
interface e0
ip address 10.0.0.1 255.255.255.0
ip nat inside

!declare outside interface
interface s0
!address assigned to the interface by the ISP
ip address 156.108.213.2 255.255.255.250
ip nat outside

Not enough information is given to lead one to believe that anything should be done to
consolidate address space. As it stands, both companies are using the private space which
is easily controlled and routed. As they say, if it ain't broke, don't fix it.

Scenario 11-3 Answers

To provide immediate connectivity, you can use the overlap feature in NAT. This would
enable the ABC and XYZ companies to coexist during a transition.

The following NAT configuration could be used, given a selection of 192.168.1.0/24 as
the internal addresses used:

ip nat pool XYZ-in 192.168.1.2 192.168.1.254 prefix-length 24
ip nat pool ABC-out 192.168.2.2 192.168.2.254 prefix-length 24