Cisco Support Community
Community Member

NAT between outside VLAN interfaces


I am facing the following problem:

On a 6500 I defined several NAT inside and outside VLAN's.

NAT/PAT works fine between inside and outside, but I can't get clients which are connected on two different outside VLAN's to communicate with each other.

But when I ping from the 6500 itself  I get ICMP replies and NATting works fine:

Core-C6506E-CC#sh ip nat statistics
Total active translations: 2465 (0 static, 2465 dynamic; 2465 extended)
Outside interfaces:
  Vlan11, Vlan159, Vlan300, Vlan965, Vlan967, Vlan968
Inside interfaces:
  Vlan261, Vlan262, Vlan263

Core-C6506E-CC#ping vrf Office-Network so vlan 300
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Packet sent with a source address of
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


Core-C6506E-CC#sh ip nat translations | inc 10.10.100        


As you can see the ICMP from vlan 300 is translated via the vlan 965 interface ip address

interface Vlan965
 description VLAN965
 ip vrf forwarding Office-Network
 ip address
 ip nat outside
 private-vlan mapping 265


Any ideas why clients who are using GW are not NATed the same way ?

Access Lists are checked already.


Thanks in advance

Everyone's tags (1)
Community Member

I googled this issue and

I googled this issue and found a post which explains that inter VLAN natting between outside interfaces is only possible by using NVI with "ip nat enable".

But this does not explain why translating is working for the router.

I also have the problem that I can't use NVI. The command is not recognized. I am using IOS 15.1


CreatePlease to create content