cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
565
Views
0
Helpful
9
Replies

Intervlan Routing with NAT

worldcalltel
Level 1
Level 1

Hi have 7206 with 2 fa port. Port 1 and is connected to my ISP router. While port 2 is connected to a layer 2 switch going to my LAN. I configured my switch with dot1q trunking and 7206 router's fa4/0 with dot1q encapsulation. Trunking is working fine.

But my objective is to run a NAT static and dynamic, but what happens is that no translations are being made. I believe that the router should be able to reach other vlans. But i cannot think why the translation is not working. Can you feed me some answers? Thanks in advance.

Below are my config on 7206 router

interface FastEthernet4/0.1

encapsulation dot1Q 1 native

ip address 203.x.x.129 255.255.255.248

ip nat outside

!

interface FastEthernet4/0.2

encapsulation dot1Q 2

ip address 192.168.111.1 255.255.255.0

ip nat inside

!

ip nat inside source list 10 interface FastEthernet4/0.1 overload

!

access-list 10 permit 192.168.111.0 0.0.0.255

9 Replies 9

JORGE RODRIGUEZ
Level 10
Level 10

Hi Rick, try doing it as:

ip nat pool mypool 203.82.38.129 203.82.38.129 netmask 255.255.255.248

ip nat inside source list 10 pool mypool overload

access-list 10 permit 192.168.111.0 0.0.0.255 log

[edit] if you want to do static nat between the inside and outside use the " ip nat inside source static 192.168.11.x 203.82.38.y where "x" is the specific inside host and "y" is the allocated external address for the static nat translation.

HTH

Jorge

Jorge Rodriguez

Edison Ortiz
Hall of Fame
Hall of Fame

Per your config, it seems both the ISP and the Layer2 switch are connected to your router on the same physical interface (Port F4/0).

This is an odd configuration where you are tagging packets for translation as the come in and as they exit on the same physical interface.

Edison but I think theorically the translation shoudl occor, the subinterfaces have the nat inside/outside option, I don't tink it nessesarily need to have a dedicated phycial interface for the inside/outside I could be wrong then.

Jorge

Jorge Rodriguez

And after labbing it out, it does. However, you must turn IP CEF off.

I did all you suggested but I'm still getting the same results. Any ideas on what is going on?

Hi,

I added up the route-map command. Unfortunately, it was still failing. I do try to use the debug ip nat, and nothing happen, as if the translation is not really not working, but the layer 1 connection of each devices are working well.

access-list 10 permit 192.168.0.0 0.0.255.255

route-map primary-nat permit 10

match ip address NAT 10

set ip next-hop 206.x.x.14

How the layer1 connection is made when both devices are going to the same physical port ?

Can you post the show ip nat translation and show ip nat stat output ?

Rick, this is a totaly new issue from your original post with just NATing which was proved by EdisonOrtiz to work, you did not throw PBR in this equation . What router advertizes the 206.x.x.14, is 206.x.x.14 another interface on the SP router ? please post the whole 7206 router config and indicate what role does 206.x.x.14 have.

Jorge

Jorge Rodriguez

ohassairi
Level 5
Level 5

i think the interface connected to your ISP (what you called port1) should be ip nat outside.

can you paste your default route?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: