communication between vlan and outside

Unanswered Question
Jan 11th, 2010

Hi,

I have a problem with my vlan, I have crated a vlan using cisco catalyst 2960, inside that vlan I have a particular computer (10.1.1.254) that I want it to communicate with the outside, from that computer I can ping the outside that is 172.16.1.0 255.255.255.0, but from the outside, I canot reach that computer, below are configurations of  router and switch.

Router configuration

Building configuration...

Current configuration : 849 bytes
!
version 12.4
no service password-encryption
!
hostname rle_siege
!
!
enable secret 5 $1$mERr$5dgad4i7JjcA5bc3fzMg0.
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
description WAN
ip address 172.16.1.1 255.255.255.0
duplex auto

speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.0.1 255.255.255.128
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 10.1.1.1 255.255.255.0
ip access-group 1 in
ip access-group 2 out
ip nat inside
!
interface Vlan1
no ip address
!
ip nat inside source static 10.1.1.254 192.168.0.30
ip classless
!

!
!
line con 0
password xxxxx
login
line vty 0 4
password xxxxx
login
!
!
end

switch configuration

Building configuration...

Current configuration : 1216 bytes
!
version 12.2
no service password-encryption
!
hostname Switch
!
!
!
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4

switchport mode trunk
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12

!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23

!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.100.1 255.255.255.0
!
ip default-gateway 192.168.0.1
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
ganeshh.iyer Mon, 01/11/2010 - 23:42

Hi,

Are you pinging the direct ip 10.1.1.254 or the natted one which is there in your router and you have configured access group in you interface which access list is binded with the interface.

Regards

Ganesh.H

habibnoubissi Tue, 01/12/2010 - 00:09

When I ping the address 10.1.1.254 it is ok, but when I ping the nat address 192.168.0.30, it is not ok. the acces list wich are binded to interface are:

!
access-list 1 permit host 10.1.1.254
access-list 2 permit 172.16.1.0 0.0.0.255
!

thanks.

ganeshh.iyer Tue, 01/12/2010 - 00:15

Hi,

Can you try remove this ip access-group 2  out from interface and then check and also when you ping the natt ip share the show ip nat translation on router.

HTH

Regards

Ganesh.H

habibnoubissi Tue, 01/12/2010 - 00:31

Thank you for your support,

I removed the ip acces-group 2 ont the router, it is still not ok, this is the output of sh ip nat translation:

rle_siege#sh ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  192.168.0.30      10.1.1.254         ---                ---

thanks

ganeshh.iyer Tue, 01/12/2010 - 01:35

Hi,

Just drop a reverse route in router for 10.1.1.0/24 towards 192.168.0.1 and then check !!

HTH

Regards

Ganesh.H

mlund Wed, 01/13/2010 - 01:25

Hi

You wrote "  I can ping the outside that is 172.16.1.0 " , but interface fa0/0 is missing the nat statement.

Try to do " ip nat outside" on fa0/0.

/Mikael

Actions

Login or Register to take actions

This Discussion

Posted January 11, 2010 at 11:13 PM
Stats:
Replies:6 Avg. Rating:
Views:630 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 15,007
2 8,155
3 7,745
4 7,088
5 6,747
Rank Username Points
135
83
80
69
38