src nat ip pool

Hello,

How many IPs can be listed within the IP src-nat pool for NATed connections? We'd like to provide NAT on outbound traffic, and have the outbound traffic spread across hundreds of IPs if possible. I was able to use 15 and it was working, I am just not sure if there is a limit I should be aware of. Also, currently I've had to add each of the IP addresses to the interface on the router with a /32 - is there a way around having to add each individual IP? The router is the originator of the traffic, not clients behind it.

Sam

You should be able to add the whole subnet using whatever subnet mask is necessary for the network.

ex: 10.0.0.0/16 would encompass 10.0.0.0 - 10.255.255.255

So your src-nat config should look something like this:

0   ;;; src-nat test
     chain=srcnat src-address=10.0.0.0/16 action=nat to-src-address=aaa.bbb.ccc.ddd-eee.fff.ggg.hhh

where aaa.bbb.ccc.ddd - eee.fff.ggg.hhh are your public addresses.

One thing though, when you’re doing a whole subnet like that I believe you need to use masquerade as the action instead of NAT. I think NAT is more for single addresses if I recall the admin config guide correctly…

Currently I've had to add each of the IP addresses to the interface on the router with a /32 - is there a way around having to add each individual IP? The router is the originator of the traffic, not clients behind it.

I'm sorry, I forgot to mention that. You also have to add the IP addresses you're NATing to the WAN interface on the router in order for the NAT rules to work... I'm not sure if you can add a whole subnet to an interface unless it's done one at a time. I could be wrong though, try it out?

No, you do not need IP addresses for NAT to work.

Does it matter if they are advertised right on the wire or if they are routed? Is one preferred over the other? Basically Level3 can give us a /24 if we need it for this project; I am just wondering if I should have them route it to us, or advertise it on their gateway.

Sam
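For the routed-block case Sam asks about, here is an added RouterOS configuration (not posted by anyone in this thread) that spreads router-originated outbound traffic over a /24 without adding each address as a /32. It assumes the WAN interface is ether1 with 198.51.100.2/30 toward the ISP gateway 198.51.100.1, and that the ISP routes 203.0.113.0/24 to 198.51.100.2; both blocks are documentation ranges chosen for illustration.

```routeros
# Added example, not from the thread. Assumed topology: ether1 is the WAN
# interface, 198.51.100.2/30 is the router's link address, 198.51.100.1 is
# the ISP gateway, and the ISP routes 203.0.113.0/24 to 198.51.100.2.

/ip address add address=198.51.100.2/30 interface=ether1 comment="WAN link (assumed)"
/ip route add dst-address=0.0.0.0/0 gateway=198.51.100.1

# Because the ISP routes the whole /24 to this router, return packets for any
# 203.0.113.x address already arrive on ether1; connection tracking reverses
# the NAT before routing, so the addresses do not have to exist on an interface.
# Sink the aggregate so packets for addresses with no conntrack entry are
# dropped here instead of looping back to the ISP via the default route.
/ip route add dst-address=203.0.113.0/24 type=blackhole comment="sink unused NAT-pool addresses"

# The srcnat chain also sees traffic the router itself originates. Restrict the
# rule to ether1 and to the router's own WAN address, and give to-addresses the
# whole pool as a range; one address from the range is chosen per connection.
/ip firewall nat add chain=srcnat out-interface=ether1 src-address=198.51.100.2 \
    action=src-nat to-addresses=203.0.113.1-203.0.113.254 \
    comment="spread router-originated traffic over the routed /24"
```

The blackhole route and the NAT rule are the only pieces specific to the pool; nothing else in the thread's /32-per-address workaround is needed when the block is routed to you. If the ISP instead puts the /24 on the wire (on-link on its gateway), the gateway sends an ARP request for each pool address and the router must answer for it, which is why each address then has to be present on the WAN interface, as the posters above found. Routed delivery therefore avoids the per-address configuration entirely.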

I also need to add all IP addresses using /32 for the src-nat to work.