09-23-2007 04:06 AM - edited 03-05-2019 06:39 PM
Hi have 7206 with 2 fa port. Port 1 and is connected to my ISP router. While port 2 is connected to a layer 2 switch going to my LAN. I configured my switch with dot1q trunking and 7206 router's fa4/0 with dot1q encapsulation. Trunking is working fine.
But my objective is to run a NAT static and dynamic, but what happens is that no translations are being made. I believe that the router should be able to reach other vlans. But i cannot think why the translation is not working. Can you feed me some answers? Thanks in advance.
Below are my config on 7206 router
interface FastEthernet4/0.1
encapsulation dot1Q 1 native
ip address 203.x.x.129 255.255.255.248
ip nat outside
!
interface FastEthernet4/0.2
encapsulation dot1Q 2
ip address 192.168.111.1 255.255.255.0
ip nat inside
!
ip nat inside source list 10 interface FastEthernet4/0.1 overload
!
access-list 10 permit 192.168.111.0 0.0.0.255
09-23-2007 09:56 AM
Hi Rick, try doing it as:
ip nat pool mypool 203.82.38.129 203.82.38.129 netmask 255.255.255.248
ip nat inside source list 10 pool mypool overload
access-list 10 permit 192.168.111.0 0.0.0.255 log
[edit] if you want to do static nat between the inside and outside use the " ip nat inside source static 192.168.11.x 203.82.38.y where "x" is the specific inside host and "y" is the allocated external address for the static nat translation.
HTH
Jorge
09-23-2007 10:06 AM
Per your config, it seems both the ISP and the Layer2 switch are connected to your router on the same physical interface (Port F4/0).
This is an odd configuration where you are tagging packets for translation as the come in and as they exit on the same physical interface.
09-23-2007 10:13 AM
Edison but I think theorically the translation shoudl occor, the subinterfaces have the nat inside/outside option, I don't tink it nessesarily need to have a dedicated phycial interface for the inside/outside I could be wrong then.
Jorge
09-23-2007 10:30 AM
And after labbing it out, it does. However, you must turn IP CEF off.
09-23-2007 11:40 PM
I did all you suggested but I'm still getting the same results. Any ideas on what is going on?
09-24-2007 01:52 AM
Hi,
I added up the route-map command. Unfortunately, it was still failing. I do try to use the debug ip nat, and nothing happen, as if the translation is not really not working, but the layer 1 connection of each devices are working well.
access-list 10 permit 192.168.0.0 0.0.255.255
route-map primary-nat permit 10
match ip address NAT 10
set ip next-hop 206.x.x.14
09-24-2007 03:53 AM
How the layer1 connection is made when both devices are going to the same physical port ?
Can you post the show ip nat translation and show ip nat stat output ?
09-24-2007 12:10 PM
Rick, this is a totaly new issue from your original post with just NATing which was proved by EdisonOrtiz to work, you did not throw PBR in this equation . What router advertizes the 206.x.x.14, is 206.x.x.14 another interface on the SP router ? please post the whole 7206 router config and indicate what role does 206.x.x.14 have.
Jorge
09-24-2007 03:30 AM
i think the interface connected to your ISP (what you called port1) should be ip nat outside.
can you paste your default route?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: