NAT NVI help

Unanswered Question
Dec 8th, 2013

Hello Everyone,

    

Looking at this configuration, would it be correct to say that the 50.50.50.17 subnet (Subinterface 50) would not be translated because it does not have the "ip nat enable" command when it exits fa0/1 (even though ip nat enable is turned on for this interface)? Or because of the command on fa0/1 does the address have to translate?


interface FastEthernet0/0
no ip address

interface FastEthernet0/0.1
description VLAN to xxxxxxx
encapsulation dot1Q 1 native
ip address 10.1.1.1 255.255.255.0
ip access-group 101 in
ip nat enable

interface FastEthernet0/0.5
description VLAN to yyyyyyy
encapsulation dot1Q 5
ip address 10.1.5.1 255.255.255.0
ip access-group 105 in
ip nat enable

interface FastEthernet0/0.50
description VLAN to Global Handoff
encapsulation dot1Q 50
ip address 50.50.50.17 255.255.255.240
ip access-group 150 in

interface FastEthernet0/0.99
description VLAN to zzzzzzzzz
encapsulation dot1Q 99
ip address 10.1.99.1 255.255.255.0
ip access-group 199 in
ip nat enable

interface FastEthernet0/1
ip address 50.50.50.2 255.255.255.252
ip nat enable
                   

John Blakley Mon, 12/09/2013 - 05:50

With NAT, there have to be two interfaces involved. The two interfaces that you have listed are fa0/0 and fa0/1 (minus the subinterfaces on fa0/0). That being said, the configuration that you have is not direction-specific (the older way is using "ip nat inside" and "ip nat outside"). You have fa0/1 as nat enable, and according to what you're saying this is the exit interface. That's just half the puzzle. You still need an "inside" interface, which is where "ip nat enable" would come into play on your subinterface. Since that doesn't exist, this interface would NOT NAT out as the 50.50.50.2 address.



HTH,
John

*** Please rate all useful posts ***
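
The rule in the answer above, as an added example that is not part of the original thread: a Python check that reads interface stanzas and lists which addressed interfaces would send traffic out of the exit interface without NVI translation. The function names and the abbreviated sample config are constructed here, and the check assumes a matching `ip nat source` rule exists, which the posted configuration does not show.

```python
import re

# Constructed sample: the interface stanzas from the question, abbreviated.
CONFIG = """\
interface FastEthernet0/0
 no ip address
interface FastEthernet0/0.1
 ip address 10.1.1.1 255.255.255.0
 ip nat enable
interface FastEthernet0/0.5
 ip address 10.1.5.1 255.255.255.0
 ip nat enable
interface FastEthernet0/0.50
 ip address 50.50.50.17 255.255.255.240
interface FastEthernet0/0.99
 ip address 10.1.99.1 255.255.255.0
 ip nat enable
interface FastEthernet0/1
 ip address 50.50.50.2 255.255.255.252
 ip nat enable
"""

def parse_interfaces(config):
    """Return {interface name: {"address": str or None, "nvi": bool}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate pastes that lost their indentation
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1), {"address": None, "nvi": False})
        elif current is not None:
            addr = re.match(r"ip address\s+(\S+)\s+\S+", line)  # skips "no ip address"
            if addr:
                current["address"] = addr.group(1)
            elif line == "ip nat enable":
                current["nvi"] = True
    return interfaces

def nvi_eligible(interfaces, ingress, egress):
    """True only if both ends of the path carry 'ip nat enable'."""
    return interfaces[ingress]["nvi"] and interfaces[egress]["nvi"]

def untranslated_paths(interfaces, egress):
    """Addressed interfaces whose traffic leaves `egress` without NVI translation."""
    return sorted(name for name, info in interfaces.items()
                  if name != egress and info["address"]
                  and not nvi_eligible(interfaces, name, egress))

if __name__ == "__main__":
    print(untranslated_paths(parse_interfaces(CONFIG), "FastEthernet0/1"))
```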
