Re: I enable NAT, then routing stops

news2010a · ‎09-07-2006

PC-A IP=10.1.1.1 +-hub-+[e0/0:10.1.1.5 RouterA s0/0:195.1.1.4]===V35===[s0:195.1.1.10 RouterB 152.1.1.1:e0]+-hub--+[e0:RouterC 152.1.1.2]

Router configuration is attached.

If I remove the entries

int e0/0

ip nat inside

and

int s0/0

ip nat outside

from RouterA, I can ping from PC-A (10.1.1.1) to 152.1.1.2 just fine. If add the respective nat entries on e0/0 and s0/0, ping from PC-A (10.1.1.1) to RouterC (152.1.1.2) times out.

What am I missing ? I am trying to apply NAT in order to get the address 10.1.1.1 translated into 195.1.1.1.

I guess somehow the NAT statements are causing a conflict in the ip route statements, but I can't figure out why.

farkascsgy · ‎09-08-2006

Have you tried use the NAT with overload option?

It can be like this:

ip nat inside source list "ACL" interface "interface" overload

ACL - restrict allowed IP range for NAT

bye

FCS

Pleasa rate me if I helped.

desai.jaideep · ‎09-08-2006

Hi

The routes you are giving are wrong.the should have been default routes instead of network specific routes....for eg

Instead of 10.1.1.0 255.255.255.0 195.1.1.4, it should have been 0.0.0.0 0.0.0.0 s0 etc.

Then i believe your NAT statements would work.

Router A

interface Ethernet0/0

ip address 10.1.1.5 255.255.255.0

ip nat inside

interface Serial0/0

ip address 195.1.1.4 255.255.255.0

ip nat outside

ip nat inside source static 10.1.1.1 195.1.1.1

ip nat inside source list 1 interface s0/0 overload

ip route 0.0.0.0 0.0.0.0 195.1.1.10

access-list 1 permit ip 10.1.1.0 0.0.0.255

Router B

interface Ethernet0/0

ip address 152.1.1.1 255.255.255.0

interface Serial0/0

ip address 195.1.1.10 255.255.255.0

ip route 0.0.0.0 0.0.0.0 195.1.1.4

Now from ip pool 152.1.1.0, if you will ping 195.1.1.1, you will get.But if you will ping 10.x.x.x you wont be able to...simply b'coz its NAT.

Hope that will help, revert back if u have more queries.

Pls rate helpful posts.

Regards

JD

news2010a · ‎09-08-2006

Another question:

If I use dynamic tables instead (i.e., router RIP) of using the default route, everything seems to work fine.

My question is, in production environments usually you would be dealing the ip nat statements without dealing with default routes ? Or I guess that varies and in many production environments you end up with static/default routes as well ?

desai.jaideep · ‎09-08-2006

Hi

U mean to say that you are able to ping the IPs behind NAT?

Regards

JD

Edison Ortiz · ‎09-08-2006

Marlon,

Can I see the

show ip nat translations

from router A ?

Can you ping 195.1.1.1 from RouterA or RouterB ?

news2010a · ‎09-08-2006

Hi, yes I can ping 195.1.1.1 OK from RouterA and from RouterB.

RouterA#show ip nat translations

Pro Inside global Inside local Outside local Outside global

--- 195.1.1.1 10.1.1.1 --- ---

RouterA#ping 195.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 195.1.1.1, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms

Edison Ortiz · ‎09-08-2006

On RouterA, please remove this statement

ip route 10.1.1.0 255.255.255.0 Ethernet0/0

You don't need it because RouterA has

interface Ethernet0/0

ip address 10.1.1.5 255.255.255.0

Which represents that network already. It will show up in the routing table as a 'connected' network.

In routerB, I want you to enter

ip route 195.1.1.1 255.255.255.255 serial0/0

Please let me know how it works and rate helpful posts.

Thanks

news2010a · ‎09-09-2006

Yes, that works ! Thanks !