Hi Jon,

Here's the output

sh ip nat translations

Pro Inside global Inside local Outside local Outside global

--- 10.44.156.16 10.45.170.23 --- ---

As you can see it's not showing up.

How can I test the source from the router running the nat translation?

I'm quite sure no other NAT translation is occurring within the network.

Regarding the routing, I've added the following:

ip route 10.28.20.192 255.255.255.224 10.28.20.130 tag 44

10.28.20.130 is a router not owned by us, but will route to that address i.e 10.28.20.200.

I hope this helps.

Thanks

Dan

Dan

Firstly are you getting any hits on your access-list "nat-list"

Secondly to get to 10.28.20.130 does the switch use vlan 100 interface. What is the IP address on vlan 100 ?

Jon

Hi,

I'm not getting any hits on the access list - is this indicative of anything?

The ip address is:

10.28.20.190 255.255.255.192

Dan.

Dan

No hits means your switch is not seeing any traffic from source addresses 10.5.70.x going to host 10.28.20.200.

Are you sure that traffic coming from 10.5.70.x would enter the switch on vlan 200 ?

Jon

Thanks for the tip.I'm having al ok now and initially it looks like you may be right.

I'll let you know.

Thanks

Dan

Hi

Ok I've just verified and you were right. we had some strange routing occurring where this route was being routed into the router via another vlan. I've added the "ip nat inside" rule to that vlan interface.

I'm now getting hits on the access list - which is great, but the nat is still listed as inactive.

Any thoughts on this please?

Thanks

Dan

Dan

Can you post the ouput of "sh ip route 10.28.20.200" from your switch.

Jon

# sh ip route 10.28.20.200

Routing entry for 10.28.20.192/27

Known via "static", distance 1, metric 0

Tag 44

Redistributing via eigrp 100

Advertised by eigrp 100 metric 10 10 255 1 1500 route-map static-2-eigrp

Routing Descriptor Blocks:

* 10.28.20.130

Route metric is 0, traffic share count is 1

Dan

Could you try just natting the source IP addresses to the vlan 100 interface and see if that gets any hits ie. replace

ip nat inside source list nat-list pool nat-pool overload

with

ip nat inside source lits nat-list interface vlan100 overload

Jon

Hey,

I just tried it, but it didn't make any difference. It's still not listed as active nor does it appear in the translations output.

Any thoughts?

Thanks

Dan

Dan

Are you absolutely sure that traffic is exiting vlan 100 to get to the 3rd party router. Could you perhaps do a quick topology layout ?

Jon

Hi Jon,

I realised what it was, it was an access list on the vlan interface which I forgot to mention to you, my fault.

Thanks for your help though.

Dan

Dan

No problem, glad you got it working in the end.

Jon