Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

NAT config problem


I'm doing nat for the first time on a 6500 switch and I'm having problem with getting the configuration working and would appreciate some help.

I've got the following:

vlan 10

ip address

standby 10

ip nat inside

vlan 20

ip address

standby 20 ip

ip nat outside

access-list 110 permit ip host lies on the other side of the link on vlan 20.

At the moment I am unable to ping Although if I ping from any othe rvlan outside of vlan 10 I am able to ping the server.

Please advise how I can fix this or what output you need?



Re: NAT config problem

Why don't you just move the switchport that this host lies in to vlan 10?

Otherwise, what does your NAT statement look like?



HTH, John *** Please rate all useful posts ***
New Member

Re: NAT config problem


I'm can't move my environment around due to other connecitons.

I forgot about the nat connection, here it is:

ip nat inside source list 110 interface Vlan20 overload



Re: NAT config problem

Correct me if I'm wrong:

You can ping this server that's in VLAN 20, but the server is in a different subnet altogether? What type of equipment is this, and can you post all of your config? Do you have a diagram of how this is laid out?

In reality, if your server is attached to VLAN20, you shouldn't be able to get outside of that VLAN because the server wouldn't have a default gateway unless you have a router in between the server and the switch. A diagram would really help.


HTH, John *** Please rate all useful posts ***
Hall of Fame Super Blue

Re: NAT config problem

What result do you get if you do an extended ping with the source IP address of vlan 20 interface -

Also your HSRP address is not out of the same subnet on vlan 20 ie.

real IP - - network 172.29.40.x

Virtual IP -

Finally - the vlan 20 interface on this switch - is it the active HSRP gateway. What about the other switch, have you applied "ip nat outside" there as well.

What does "sh ip nat translations" show on the switch ?


CreatePlease to create content