01-14-2009 11:20 AM - edited 03-06-2019 03:26 AM
We are having an issue with our NAT statements. Was hoping someone could see something I don't. Here's the lowdown. We have 2 networks, .157.0 and .158.0, that need access to our AS400. They are going through their own switch before they hit our network. As far as I can tell it should work. But I cannot ping their workstations and they can't get past their gateway.
interface GigabitEthernet6/0/0.162
description Volt Delta
encapsulation dot1Q 162
ip address 192.168.162.211 255.255.255.240
no ip redirects
ip nat outside
!
!
router eigrp 1
redistribute static
network 172.21.255.20 0.0.0.3
network 172.28.255.16 0.0.0.3
network 172.28.255.36 0.0.0.3
network 172.28.255.40 0.0.0.3
network 172.28.255.64 0.0.0.3
network 172.30.0.0
network 192.168.0.24 0.0.0.3
network 192.168.1.60 0.0.0.3
network 192.168.4.12 0.0.0.3
network 192.168.4.28 0.0.0.3
network 192.168.6.16 0.0.0.15
network 192.168.77.0
network 192.168.102.0
network 192.168.103.0
network 192.168.104.0
network 192.168.107.0
network 192.168.110.0
network 192.168.112.0
network 192.168.162.208 0.0.0.15
network 192.168.240.0
no auto-summary
eigrp log-neighbor-changes
!
no auto-summary
eigrp log-neighbor-changes
!
router eigrp 20
network 172.28.255.80 0.0.0.3
no auto-summary
eigrp log-neighbor-changes
!
ip nat inside source list NAT interface GigabitEthernet6/0/0.162 overload
ip nat inside source static tcp 192.168.105.10 23 192.168.162.222 23 extendable
ip nat inside source static tcp 172.29.14.74 23 192.168.162.221 23 extendable
ip nat inside source static tcp 172.29.14.96 23 192.168.162.220 23 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 172.28.255.65
ip route 192.168.157.0 255.255.255.0 192.168.162.213
ip route 192.168.158.0 255.255.255.0 192.168.162.213
ip tacacs source-interface FastEthernet1/1/0.1
no ip http server
!
!
ip access-list extended NAT
permit ip 192.168.157.0 0.0.0.255 host 172.29.14.74
permit ip 192.168.157.0 0.0.0.255 host 192.168.105.10
permit ip 192.168.158.0 0.0.0.255 host 172.29.14.74
permit ip 192.168.158.0 0.0.0.255 host 192.168.105.10
permit ip 192.168.157.0 0.0.0.255 host 172.29.14.96
permit ip 192.168.158.0 0.0.0.255 host 172.29.14.96
01-14-2009 11:28 AM
Gregory
We are missing some of the detail here. Where is "ip nat inside" applied, i.e. which interface? It is not included in the above config.
You are dynamically natting 192.168.157 & 158 to 192.168.162.211. So you won't be able to ping the 192.168.157/158 addresses unless you are pinging the real addresses?
Perhaps you could explain the topology a little better.
What config are we looking at above?
What does "sh ip nat translations" show on the device you are doing the NAT on?
Jon
01-15-2009 08:13 AM
Jon,
Thanks so much for taking a look at this for me. Here is the information we're missing:
Well, right now we have "ip nat inside" on several different interfaces, including the one going back to the AS400 (ATM1/0/0 172.28.255.66).
The config is off a 7507 Version 12.1(18), RELEASE SOFTWARE (fc1).
The topology is this: We have the workstations (.157.0/24 and .158.0/24) connect to their Nortel switches into our 6509, then over fiber to the 7507 (GigabitEthernet6/0/0.162 192.168.162.211).
Here is the output from "sh ip nat trans":
arabaldc7507#sh ip nat trans
Pro Inside global          Inside local        Outside local  Outside global
tcp 192.168.162.220:23     172.29.14.96:23     ---            ---
tcp 192.168.162.221:23     172.29.14.74:23     ---            ---
tcp 192.168.162.222:23     192.168.105.10:23   ---            ---
Thanks again so much for your help.
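
Added example, not part of any post in this thread: a small Python check for the question Jon raises about where `ip nat inside` and `ip nat outside` are applied. It reads a trimmed copy of the posted config and reports which NAT-tagged interface each source network in the `NAT` access list is reached through; the `ATM1/0/0` stanza is constructed from the follow-up post with an assumed /30 mask, and the function names are hypothetical.

```python
import ipaddress as ip
# Trimmed from the thread's config; ATM1/0/0 stanza is constructed, its /30 mask assumed.
CONFIG = """\
interface GigabitEthernet6/0/0.162
 ip address 192.168.162.211 255.255.255.240
 ip nat outside
interface ATM1/0/0
 ip address 172.28.255.66 255.255.255.252
 ip nat inside
ip nat inside source list NAT interface GigabitEthernet6/0/0.162 overload
ip route 0.0.0.0 0.0.0.0 172.28.255.65
ip route 192.168.157.0 255.255.255.0 192.168.162.213
ip route 192.168.158.0 255.255.255.0 192.168.162.213
ip access-list extended NAT
 permit ip 192.168.157.0 0.0.0.255 host 172.29.14.74
 permit ip 192.168.158.0 0.0.0.255 host 172.29.14.96
"""

def parse(config):
    """Return (interfaces, static routes, ACL source networks); handles net+wildcard ACL sources only."""
    ifaces, routes, sources, cur = {}, [], [], None
    for line in filter(str.strip, config.splitlines()):
        w, sub = line.split(), line.startswith(" ")  # sub: line sits inside a stanza
        if w[0] == "interface":
            cur = ifaces.setdefault(w[1], {"net": None, "nat": None})
        elif sub and w[:2] == ["ip", "address"]:
            cur["net"] = ip.ip_interface(f"{w[2]}/{w[3]}").network
        elif sub and w[:2] == ["ip", "nat"]:
            cur["nat"] = w[2]  # "inside" or "outside"
        elif not sub and w[:2] == ["ip", "route"]:
            routes.append((ip.ip_network(f"{w[2]}/{w[3]}"), ip.ip_address(w[4])))
        elif sub and w[:2] == ["permit", "ip"]:
            sources.append(ip.ip_network(f"{w[2]}/{w[3]}"))  # wildcard mask accepted
    return ifaces, routes, sources

def reached_via(src, ifaces, routes):
    """Interface whose subnet holds the next hop of the longest-match static route."""
    hops = [(net.prefixlen, hop) for net, hop in routes if src.subnet_of(net)]
    hop = max(hops)[1] if hops else None
    return next((n for n, i in ifaces.items() if hop and i["net"] and hop in i["net"]), None)

def audit(config):
    """Map each NAT ACL source to (interface, NAT role, arrives on an inside interface)."""
    ifaces, routes, sources = parse(config)
    out = {}
    for src in dict.fromkeys(sources):  # de-duplicate, keep order
        name = reached_via(src, ifaces, routes)
        role = ifaces[name]["nat"] if name else None
        out[str(src)] = (name, role, role == "inside")
    return out
```

An `ip nat inside source` rule translates the source address of packets that enter on an `ip nat inside` interface, so a `False` in the last field means traffic from that ACL source arrives on the outside interface and is not a candidate for the dynamic rule.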