How to configure NAT with VLAN

Unanswered Question
Apr 24th, 2008

Hi,


My question is: how can I configure NAT with a Cisco 7200 router using virtual interfaces, VLAN or Loopback?

I have to configure one VLAN with private IPs and the other with public IPs.


I tried with this configuration but it doesn't work. Any suggestions?


Thanks in advance


interface Loopback50
 ip address 200.105.127.190 255.255.255.252
 ip nat outside
 ip virtual-reassembly

interface FastEthernet2/0.50
 description IP Private
 encapsulation dot1Q 50
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly

ip route 200.105.127.188 255.255.255.252 Loopback50

ip nat inside source list 50 interface Loopback50 overload

access-list 50 permit 192.168.1.0 0.0.0.255



t814687 Thu, 04/24/2008 - 19:37

Hi,

You can not do NAT on a loopback interface. You will have to use subinterfaces or physical interfaces on the router.

Thanks

serg

davidmejia Fri, 04/25/2008 - 07:32

I have to configure the router with VLANs and I tried with subinterfaces, but it doesn't work.

Any suggestions?


interface FastEthernet2/0.51
 ip address 200.105.127.190 255.255.255.252
 encapsulation dot1Q 51
 ip nat outside
 ip virtual-reassembly

interface FastEthernet2/0.50
 description IP Private
 encapsulation dot1Q 50
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly

ip route 200.105.127.188 255.255.255.252 FastEthernet2/0.51

ip nat inside source list 50 interface FastEthernet2/0.51 overload

access-list 50 permit 192.168.1.0 0.0.0.255

t814687 Fri, 04/25/2008 - 08:16

David,


That should work... can you post debug ip nat?

Another thing to try is this:


ip nat pool ovrld 200.105.127.190 200.105.127.190 prefix 30


ip nat inside source list 50 pool ovrld overload


This will PAT all the outgoing traffic to your outside interface. Try and let me know.


serg

t814687 Fri, 04/25/2008 - 08:29

Also, I assume you have your default route to the internet upstream neighbor on the router, right?

And I do not see that you need that static route to FastEthernet2/0.51.



serg

davidmejia Fri, 04/25/2008 - 11:29

Hi, serg


Well, this is the configuration of my Cisco 7200 router, and the IOS is

Cisco IOS Software, c7200-js-mz.124-12c.bin

******************************************

interface FastEthernet2/0
 no ip address
 duplex auto
 speed auto

interface FastEthernet2/0.51
 ip address 200.105.127.190 255.255.255.252
 encapsulation dot1Q 51
 ip nat outside
 ip virtual-reassembly

interface FastEthernet2/0.50
 description IP Private
 encapsulation dot1Q 50
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly

ip route 0.0.0.0 0.0.0.0 serial0/0
ip route 200.105.127.188 255.255.255.252 FastEthernet2/0.51

ip nat inside source list 50 interface FastEthernet2/0.51 overload

access-list 50 permit 192.168.1.0 0.0.0.255

**********************************************

I turned on the debug ip nat.

Router#debug ip nat
IP NAT debugging is on
Router#

Router#sh ip nat translations

Router#

*********************************************

I tried with the other configuration that you gave me, but it still isn't working.

ip nat pool ovrld 200.105.127.190 200.105.127.190 prefix 30

ip nat inside source list 50 pool ovrld overload

*********************************************

Router#sh ip nat translations

Router#

**********************************************

And this is the log on the router:

*Apr 25 17:11:56.454: NAT: reaping portlist proto 6 globaladdr 200.105.135.190
*Apr 25 17:12:12.246: NAT: Reserved 200.105.135.190 for PAT
*Apr 25 17:12:12.246: ipnat_add_dynamic_cfg_common: id 6, flag 5, range 1
*Apr 25 17:12:12.246: id 6, flags 0, domain 0, lookup 0, aclnum 32, aclname 50, mapname idb 0x00000000
*Apr 25 17:12:12.250: poolstart 200.105.135.190 poolend 200.105.135.190


t814687 Fri, 04/25/2008 - 12:05

When you turn debugging on, can you generate some traffic to the outside and see if you are getting anything on the console/terminal session?

Are you telnetting to the router? If yes, you need the "term mon" command to see the live output.

The default gateway does not seem right to me if you are using a subinterface. What is this IP 200.105.127.188? Your router should point to your next hop upstream router IP to get to the internet, not to this serial0/0, if I understand this correctly.
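
Added example, not part of any post in this thread: IOS applies an `ip nat inside source` rule only to packets that arrive on an `ip nat inside` interface and are routed out an `ip nat outside` interface, so the Python check below tests whether the default route in the posted configuration exits through the NAT outside interface. The `parse` and `lint_nat` names are hypothetical, and `CONFIG` is the thread's configuration trimmed to its NAT-relevant lines.

```python
import re

# Configuration as posted in the thread, trimmed to the NAT-relevant lines.
CONFIG = """\
interface FastEthernet2/0.51
 ip address 200.105.127.190 255.255.255.252
 encapsulation dot1Q 51
 ip nat outside
interface FastEthernet2/0.50
 encapsulation dot1Q 50
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 serial0/0
ip route 200.105.127.188 255.255.255.252 FastEthernet2/0.51
ip nat inside source list 50 interface FastEthernet2/0.51 overload
access-list 50 permit 192.168.1.0 0.0.0.255
"""

def parse(config):
    """Return (NAT role per interface, default-route exits, ACLs used by NAT, ACLs defined)."""
    roles, exits, rules, acls, current = {}, [], [], set(), None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1).lower()
        elif m := re.match(r"\s+ip nat (inside|outside)\s*$", line):
            roles[current] = m.group(1)
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            exits.append(m.group(1).lower())
        elif m := re.match(r"ip nat inside source list (\S+) (?:interface|pool) \S+", line):
            rules.append(m.group(1))
        elif m := re.match(r"access-list (\S+) permit", line):
            acls.add(m.group(1))
    return roles, exits, rules, acls

def lint_nat(config):
    """List reasons the NAT rule cannot match traffic that follows the default route."""
    roles, exits, rules, acls = parse(config)
    findings = []
    if "inside" not in roles.values() or "outside" not in roles.values():
        findings.append("need at least one 'ip nat inside' and one 'ip nat outside' interface")
    for acl in rules:
        if acl not in acls:
            findings.append(f"NAT rule references undefined access-list {acl}")
    for exit_if in exits:
        # A next-hop IP cannot be mapped to an interface here; only interface names are checked.
        if not re.match(r"\d+\.\d+\.\d+\.\d+$", exit_if) and roles.get(exit_if) != "outside":
            findings.append(f"default route leaves via {exit_if}, which is not 'ip nat outside'")
    return findings
```

On the posted configuration `lint_nat(CONFIG)` reports one finding: the default route leaves via serial0/0, which carries no `ip nat outside`, so traffic following it is never translated.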

Pravin Phadte Mon, 04/28/2008 - 05:43

Can you try by adding a route statement.


ip route 192.168.1.0 255.255.255.0 FastEthernet2/0.50


davidmejia Wed, 04/30/2008 - 08:29

I added this route, but it still isn't working.


Do you have any other suggestion or configuration?

Pravin Phadte Wed, 04/30/2008 - 09:06

ip route 192.168.1.0 255.255.255.0 FastEthernet2/0.50
ip route 200.105.127.188 255.255.255.252 Loopback50
ip nat pool natpool 200.105.127.190 200.105.127.190 netmask 255.255.255.252
ip nat inside source list 107 pool natpool overload
access-list 107 permit ip 192.168.1.0 0.0.0.255 any


Also, if the above config does not work, try with this route.


ip route 200.105.127.190 255.255.255.252 FastEthernet2/0.50


Also let me know if you have any default route.
