
891 router NAT setup

evil_root
Level 1

Hello.

I've got working PAT, but absolutely not sure how to perform additional task.

ip cef   

no ip bootp server

no ipv6 cef

interface FastEthernet8

ip address 192.168.1.141 255.255.255.0

duplex auto

speed auto

!       

!        

interface GigabitEthernet0

ip address 194.56.32.5 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!       

!        

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!       

!        

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 10 interface GigabitEthernet0 overload

ip route 0.0.0.0 0.0.0.0 194.56.32.25

access-list 10 permit 10.10.10.0 0.0.0.255

no cdp run

Network diagram attached.

Is there a way to route Vlan1 (bypassing PAT) to a server in 192.168.1.0/24 network via Fa8 (let's say, 192.168.1.41)?

Thank you.


cadet alain
VIP Alumni

Hi,

you've got nothing special to do on the router as this 192.168.1.0/24 is directly connected.

Regards.

Alain

Don't forget to rate helpful posts.

Vlan 1 can't even ping Fa8 network. Looks like I need some kind of policy to nat all requests to 192.168.0/24 via Fa8 instead of default Gi0...

Hi,

Can you post sh ip route and sh ip int br?

Regards.

Alain

Don't forget to rate helpful posts.

Gateway of last resort is 194.56.32.250 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 194.56.32.250

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C        10.10.10.0/24 is directly connected, Vlan1

L        10.10.10.1/32 is directly connected, Vlan1

C     192.168.1.0/22 is directly connected, FastEthernet8

      192.168.1.0/32 is subnetted, 1 subnets

L        192.168.1.141 is directly connected, FastEthernet8

      194.56.32.0/24 is variably subnetted, 2 subnets, 2 masks

C        194.56.32.0/24 is directly connected, GigabitEthernet0

L       194.56.32.5/32 is directly connected, GigabitEthernet0

Interface                  IP-Address      OK? Method Status                Protocol

Async1                     unassigned      YES NVRAM  down                  down   

FastEthernet0              unassigned      YES unset  up                    up     

FastEthernet1              unassigned      YES unset  up                    up     

FastEthernet2              unassigned      YES unset  down                  down   

FastEthernet3              unassigned      YES unset  down                  down   

FastEthernet4              unassigned      YES unset  down                  down   

FastEthernet5              unassigned      YES unset  down                  down   

FastEthernet6              unassigned      YES unset  down                  down   

FastEthernet7              unassigned      YES unset  down                  down   

FastEthernet8              192.168.1.141    YES NVRAM  up                    up     

GigabitEthernet0           194.56.32.5   YES NVRAM  up                    up     

NVI0                       192.168.1.141    YES unset  up                    up     

Vlan1                      10.10.10.1      YES NVRAM  up                    up     

Eugene Chumanov wrote:

Gateway of last resort is 194.56.32.250 to network 0.0.0.0

...
C     192.168.1.0/22 is directly connected, FastEthernet8  <<<<<

      192.168.1.0/32 is subnetted, 1 subnets

....


192.168.1.0/22 in the show ip route doesn't match the interface configured with 192.168.1.0/24.

Try rewriting the Fa8 configuration and see if the two are consistent then.

Like Alain says this is a routing issue. NAT is not involved since there is no NAT configured on Fa8.

To see who can reach where:

1: From a host in vlan 1.

    Ping 10.10.10.1

    Ping 192.168.1.141

    Ping a host in 192.168.1.0/24

2: From the router

    Ping the host in 10.10.10.0/24

    Ping the host in 192.168.1.0/24

    ping 10.10.10.x source 192.168.1.141

    ping 192.168.1.x source 10.10.10.1

3: From a host in Fa8

    Ping 192.168.1.141

    Ping 10.10.10.1

    Ping a host in 10.10.10.0/24
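
The mask check suggested in the reply above, as an added example that is not part of the original thread: it compares each interface's configured `ip address` line with the connected (`C`) entries of `show ip route` and reports any that disagree. The sample text is constructed from the outputs quoted in this thread, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample, trimmed from the config and route table quoted in this thread.
RUNNING_CONFIG = """\
interface FastEthernet8
 ip address 192.168.1.141 255.255.255.0
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
"""
SHOW_IP_ROUTE = """\
C        10.10.10.0/24 is directly connected, Vlan1
C     192.168.1.0/22 is directly connected, FastEthernet8
"""

def configured_networks(config):
    """Map interface name -> network derived from its 'ip address' line."""
    nets, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if m and current:
            nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def connected_routes(route_output):
    """Yield (interface, prefix_text) for each 'C' line of show ip route."""
    for line in route_output.splitlines():
        m = re.match(r"C\s+(\S+) is directly connected, (\S+)", line)
        if m:
            yield m.group(2), m.group(1)

def find_mismatches(config, route_output):
    """Return connected routes that disagree with the configured address/mask."""
    nets, problems = configured_networks(config), []
    for ifname, prefix in connected_routes(route_output):
        try:
            routed = ipaddress.ip_network(prefix)  # strict: host bits must be zero
        except ValueError:
            problems.append((ifname, prefix, "not a valid network boundary"))
            continue
        if nets.get(ifname) != routed:
            problems.append((ifname, prefix, f"config says {nets.get(ifname)}"))
    return problems
```

Run against the sample, `find_mismatches(RUNNING_CONFIG, SHOW_IP_ROUTE)` flags only the FastEthernet8 entry; the Vlan1 route matches its configured /24 and is not reported.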

evil_root
Level 1

Is there a way to set up 2 nat pools?

1st pool - 192.168.1.0/24 network

2nd pool - all except 192.168.1.0/24 network?

Thank you

Hi,

yes you can do that with route-maps but it should be working without NAT.

For NAT to work routing must be working first so it's a chicken and egg problem 

Can you post the outputs I asked for before?

Regards.

Alain

Don't forget to rate helpful posts.

Can you help me please? I am trying to run BGP and NAT but for some reason my NAT translations are not working.

Hi,

Can you start a new thread and post your topology as well as config?

Regards.

Alain

Don't forget to rate helpful posts.

evil_root
Level 1

Hello

1: From a host in vlan 1.

    Ping 10.10.10.1                     - OK

    Ping 192.168.1.141                - OK

    Ping a host in 192.168.1.0/24  - 100% loss

2: From the router

    Ping the host in 10.10.10.0/24 - 100% loss

    Ping the host in 192.168.1.0/24 - OK

    ping 10.10.10.x source 192.168.1.141 - 100% loss

    ping 192.168.1.x source 10.10.10.1 - 100% loss

3: From a host in Fa8

    Ping 192.168.1.141 - OK

    Ping 10.10.10.1      - 100% loss

    Ping a host in 10.10.10.0/24 - 100%loss

S*    0.0.0.0/0 [1/0] via 194.56.32.250

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C        10.10.10.0/24 is directly connected, Vlan1

L        10.10.10.1/32 is directly connected, Vlan1

C     192.168.1.0/24 is directly connected, FastEthernet8

      192.168.1.0/32 is subnetted, 1 subnets

L        192.168.0.41 is directly connected, FastEthernet8

      194.56.32.0/24 is variably subnetted, 2 subnets, 2 masks

C        194.56.32.0/24 is directly connected, GigabitEthernet0

L        194.56.32.5/32 is directly connected, GigabitEthernet0

Interface                  IP-Address      OK? Method Status                Protocol

Async1                     unassigned      YES NVRAM  down                  down   

FastEthernet0              unassigned      YES unset  up                    up     

FastEthernet1              unassigned      YES unset  up                    up     

FastEthernet2              unassigned      YES unset  down                  down   

FastEthernet3              unassigned      YES unset  down                  down   

FastEthernet4              unassigned      YES unset  down                  down   

FastEthernet5              unassigned      YES unset  down                  down   

FastEthernet6              unassigned      YES unset  down                  down   

FastEthernet7              unassigned      YES unset  down                  down   

FastEthernet8              192.168.1.141    YES NVRAM  up                    up     

GigabitEthernet0           194.56.32.5   YES NVRAM  up                    up     

NVI0                       192.168.1.141    YES unset  up                    up     

Vlan1                      10.10.10.1      YES NVRAM  up                    up     

Thank you.

Hi,

You've still got that weird output:

C     192.168.1.0/24 is directly connected, FastEthernet8

      192.168.1.0/32 is subnetted, 1 subnets

L        192.168.0.41 is directly connected, FastEthernet8

Can you delete the IP address from this interface and put it back on, then repost sh ip route and redo your tests? If it is still failing, then redo your pings from the router (not the extended ones) and debug arp + debug ip pack detail, sending all logs to buffer with logg buffered debugging and logg buffered 10000, then show log and post output.

Regards.

Alain.

Don't forget to rate helpful posts.

evil_root
Level 1

OK. I had re-setup dhcp on router (vlan1) and added fa8 to live network with other addresses.

Pings are still not coming through.

In addition: Fa8 is a wan interface like Gi0

Does this matter?

Log shows nothing but activity on fa8:

Nov 18 16:31:08.371: IP ARP: rcvd req src 192.168.2.17 90e6.baf6.aa63, dst 192.168.0.20 FastEthernet8

Nov 18 16:31:08.371: IP ARP: rcvd req src 192.168.0.20 0025.9018.bbfe, dst 192.168.2.17 FastEthernet8

Nov 18 16:31:08.747: IP ARP: rcvd req src 192.168.3.162 0019.db5e.0581, dst 192.168.1.195 FastEthernet8

Nov 18 16:31:08.759: IP ARP req filtered src 192.168.3.162 0019.db5e.0581, dst 192.168.1.195 0000.0000.0000 wrong cable, interface Vlan2

Nov 18 16:31:08.759: IP ARP req filtered src 192.168.0.20 0025.9018.bbfe, dst 192.168.1.152 0000.0000.0000 wrong cable, interface Vlan2

sh ip int fa8

FastEthernet8 is up, line protocol is up

  Internet address is 192.168.0.41/22

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: MCI Check

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

sh ip int Vlan1

Vlan1 is up, line protocol is up

  Internet address is 10.20.11.1/24

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is enabled, interface in domain inside

  BGP Policy Mapping is disabled

  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check, TCP Adjust MSS

  Output features: NAT Inside, Stateful Inspection, TCP Adjust MSS

  WCCP Redirect outbound is disabled

  WCCP Redirect inbound is disabled

  WCCP Redirect exclude is disabled

C        10.20.11.0/24 is directly connected, Vlan1

L        10.20.11.1/32 is directly connected, Vlan1

C        10.90.90.0/24 is directly connected, Vlan2

L        10.90.90.11/32 is directly connected, Vlan2

C     192.168.0.0/22 is directly connected, FastEthernet8

      192.168.0.0/32 is subnetted, 1 subnets

L        192.168.0.41 is directly connected, FastEthernet8

      194.56.32.0/24 is variably subnetted, 2 subnets, 2 masks

C        194.56.32.0/24 is directly connected, GigabitEthernet0

L        194.56.32.5/32 is directly connected, GigabitEthernet0

Thank you

When I set up nat on this interface, all works perfect.

Now I'm trying to set up NAT on both Fa8 and Gi0
