Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
0
Helpful
4
Replies

NAT config problem

dan_track
Level 1
Level 1

‎02-16-2009 11:05 AM - edited ‎03-06-2019 04:04 AM

Hi

I'm doing nat for the first time on a 6500 switch and I'm having problem with getting the configuration working and would appreciate some help.

I've got the following:

vlan 10

ip address 10.45.10.3 255.255.255.0

standby 10 10.45.10.1

ip nat inside

vlan 20

ip address 172.29.40.15 255.255.255.224

standby 20 ip 172.29.153.1

ip nat outside

access-list 110 permit ip 10.45.10.0 0.0.0.255 host 10.38.24.2

10.38.24.2 lies on the other side of the link on vlan 20.

At the moment I am unable to ping 10.38.24.2. Although if I ping from any othe rvlan outside of vlan 10 I am able to ping the server.

Please advise how I can fix this or what output you need?

Thanks

Labels:
0 Helpful
4 Replies 4

John Blakley
VIP Alumni
VIP Alumni

‎02-16-2009 11:14 AM

Why don't you just move the switchport that this host lies in to vlan 10?

Otherwise, what does your NAT statement look like?

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

dan_track
Level 1
Level 1
In response to John Blakley

‎02-16-2009 11:19 AM

Thanks,

I'm can't move my environment around due to other connecitons.

I forgot about the nat connection, here it is:

ip nat inside source list 110 interface Vlan20 overload

Thanks

Dan

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to dan_track

‎02-16-2009 11:28 AM

Correct me if I'm wrong:

You can ping this server that's in VLAN 20, but the server is in a different subnet altogether? What type of equipment is this, and can you post all of your config? Do you have a diagram of how this is laid out?

In reality, if your server is attached to VLAN20, you shouldn't be able to get outside of that VLAN because the server wouldn't have a default gateway unless you have a router in between the server and the switch. A diagram would really help.

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎02-16-2009 11:27 AM

What result do you get if you do an extended ping with the source IP address of vlan 20 interface -

172.29.40.15

Also your HSRP address is not out of the same subnet on vlan 20 ie.

real IP - 172.29.40.15 - network 172.29.40.x

Virtual IP - 172.29.153.1

Finally - the vlan 20 interface on this switch - is it the active HSRP gateway. What about the other switch, have you applied "ip nat outside" there as well.

What does "sh ip nat translations" show on the switch ?

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card