Intervlan Routing with NAT

Unanswered Question
Sep 23rd, 2007

Hi, I have a 7206 with 2 FA ports. Port 1 is connected to my ISP router, while port 2 is connected to a layer 2 switch going to my LAN. I configured my switch with dot1q trunking and the 7206 router's fa4/0 with dot1q encapsulation. Trunking is working fine.

But my objective is to run static and dynamic NAT, and what happens is that no translations are being made. I believe that the router should be able to reach the other VLANs, but I cannot think why the translation is not working. Can you feed me some answers? Thanks in advance.

Below is my config on the 7206 router:

interface FastEthernet4/0.1
 encapsulation dot1Q 1 native
 ip address 203.x.x.129
 ip nat outside

interface FastEthernet4/0.2
 encapsulation dot1Q 2
 ip address
 ip nat inside

ip nat inside source list 10 interface FastEthernet4/0.1 overload

access-list 10 permit

JORGE RODRIGUEZ Sun, 09/23/2007 - 09:56

Hi Rick, try doing it as:

ip nat pool mypool netmask
ip nat inside source list 10 pool mypool overload
access-list 10 permit log

[edit] If you want to do static NAT between the inside and outside, use "ip nat inside source static 192.168.11.x 203.82.38.y", where "x" is the specific inside host and "y" is the allocated external address for the static NAT translation.



Edison Ortiz Sun, 09/23/2007 - 10:06

Per your config, it seems both the ISP and the Layer2 switch are connected to your router on the same physical interface (Port F4/0).

This is an odd configuration where you are tagging packets for translation as they come in and as they exit on the same physical interface.

JORGE RODRIGUEZ Sun, 09/23/2007 - 10:13

Edison, but I think theoretically the translation should occur; the subinterfaces have the nat inside/outside option. I don't think it necessarily needs to have a dedicated physical interface for the inside/outside. I could be wrong, then.


worldcalltel Sun, 09/23/2007 - 23:40

I did all you suggested but I'm still getting the same results. Any ideas on what is going on?

worldcalltel Mon, 09/24/2007 - 01:52


I added the route-map command. Unfortunately, it was still failing. I did try to use debug ip nat, and nothing happens, as if the translation is really not working, but the layer 1 connection of each device is working well.

access-list 10 permit

route-map primary-nat permit 10
 match ip address NAT 10
 set ip next-hop 206.x.x.14

Edison Ortiz Mon, 09/24/2007 - 03:53

How is the layer 1 connection made when both devices are going to the same physical port?

Can you post the show ip nat translation and show ip nat stat output?

JORGE RODRIGUEZ Mon, 09/24/2007 - 12:10

Rick, this is a totally new issue from your original post with just NATing, which was proved by EdisonOrtiz to work; you did not throw PBR into this equation. What router advertises the 206.x.x.14? Is 206.x.x.14 another interface on the SP router? Please post the whole 7206 router config and indicate what role 206.x.x.14 has.


ohassairi Mon, 09/24/2007 - 03:30

I think the interface connected to your ISP (what you called port1) should be ip nat outside.

Can you paste your default route?
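
A pre-check for the points raised in this thread, as an added example that is not part of any post: it confirms that an inside and an outside interface are marked, that the overload interface is the outside one, that the ACL named by the `ip nat inside source list` rule exists with a source, and it notes when inside and outside share one physical port. The helper name `check_nat` and the sample addresses are assumptions; the sample config is constructed, not the poster's.

```python
import re

# Constructed sample config (placeholder addresses, not the poster's real values).
SAMPLE = """\
interface FastEthernet4/0.1
 encapsulation dot1Q 1 native
 ip address 203.0.113.129 255.255.255.128
 ip nat outside
interface FastEthernet4/0.2
 encapsulation dot1Q 2
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
ip nat inside source list 10 interface FastEthernet4/0.1 overload
access-list 10 permit
"""

def check_nat(config):
    """Return findings about the NAT pieces of an IOS-style config (hypothetical helper)."""
    roles, acls, rules, findings = {}, {}, [], []
    iface = None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif iface and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            roles[iface] = m.group(1)          # interface-level NAT role
        elif m := re.match(r"access-list (\d+) permit\s*(.*)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+)", line):
            rules.append(m.groups())           # (acl, overload interface)
    for role in ("inside", "outside"):
        if role not in roles.values():
            findings.append(f"no interface marked ip nat {role}")
    for acl, out_if in rules:
        if roles.get(out_if) != "outside":
            findings.append(f"{out_if} is used for overload but is not ip nat outside")
        if acl not in acls:
            findings.append(f"access-list {acl} is referenced but not defined")
        elif not all(acls[acl]):
            findings.append(f"access-list {acl} has a permit entry with no source")
    # Edison Ortiz's observation: inside and outside on one physical port.
    parents = {r: {n.split(".")[0] for n, v in roles.items() if v == r}
               for r in ("inside", "outside")}
    for port in sorted(parents["inside"] & parents["outside"]):
        findings.append(f"note: inside and outside subinterfaces share {port}")
    return findings

if __name__ == "__main__":
    for f in check_nat(SAMPLE):
        print(f)
```

The parser keys on the exact interface-level commands `ip nat inside` and `ip nat outside`, so it also works on a config pasted without indentation.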

