NAT

vu2jjq · ‎12-02-2006

Hello,

I was trying to establish NAT between two vlans. Following is the configuration.

interface vlan 40

ip address 10.10.10.1 255.255.255.0

ip nat inside

!

interface vlan 50

ip address 172.16.10.64 255.255.255.0

ip nat outside

!

ip nat pool eng-nat 172.16.10.1 172.16.10.63 prefix 24

!

ip nat inside source list 7 pool eng-nat

!

access-list 7 permit 10.10.10.0 0.0.0.127

I have tried on 6509 with SUP720 engine with native IOS version 122-17a.SX4.

I am not going outside the box and I cant see translation.

Please help.

kamal-learn · ‎12-03-2006

Hi

think of that ,try to generate traffic that is comming from the vlan 40 and is realy destined to outside vlan 50, for example form a pc in the vlan 40 try to ping a PC in the vlan 50 here you ll be sure if it s working or not but check reachability before implementing the NAT and after.

HTH

vu2jjq · ‎12-03-2006

Before and after the NAT, I have reachability to interfaces defined on the same box.

Its not doing any nating.

I have to configuring the IP on physical interfaces and see whether it works.

Till then

kamal-learn · ‎12-03-2006

HI

my friend your vlan 50is a subnet 172.16.10.0 255.255.255.0 okay, your are trying to nat to the same subnet

so i think that the box will not do any translation !!!

the source of the packet as intended to be is in same subnet to whitch it destined after translation!!

here the router will think that the packet is local and

has already reached it destination using only LAYER2 switching!!

so try another pool i think it will work

HTH

do rate if it does

vu2jjq · ‎12-03-2006

hello,

"try another pool". pls elaborate on this.

thank u for ur time.

kamal-learn · ‎12-03-2006

try this pool of new addresses

ip nat pool eng-forexample-nat 172.19.90.1 172.19.90.63 prefix 24

!

let us know

reynaldob · ‎12-03-2006

Hi,

Is this what you are trying to achieve?

pc---vlan 40---vlan 50---pc? or

pc---vlan 40---vlan 50---another sw/rtr?

I believe that if you remove the nat statements on both interface vlan, you can still achieve inter-vlan routing?

And at the same time reach the device on the supposed to be outside IP?

my 2 cents only...

kamal-learn · ‎12-03-2006

Hi

i think the idea of vu2jjq that he is trying to test nat with svi, switched virtual interfaces not forwarding traffic between to vlans!!!!!!

vu2jjq · ‎12-05-2006

Hello,

That did not really help Kamal. Am yet to try on the physical interface.

Thanks again.

JJQ

zubairjalal · ‎12-05-2006

change the subnet mask in the nat pool to

255.255.255.192

vu2jjq · ‎12-05-2006

Hello,

I was not using the gateway network of the box for outbound. For testing purpose, I was simply using just another vlan configured.

Now I have tried the 'ip nat outside' and the pool in the gateway network. It is working fine.

Thank you very much for your contributions.

Regards

JJQ