Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
0
Helpful
4
Replies

problem with NAT on 2600

schadmin
Level 1
Level 1

‎03-14-2006 10:14 AM - edited ‎03-03-2019 02:16 AM

We can't get any translations to show on our router when connecting from the outside. I was looking at the config and was wondering if the sub-interface portion was correct. I am curius to know that if I put an IP on fa0/1 (instead of fa0/1.1) if this works the same way? below is a snippet of what I am talking about.

interface FastEthernet0/1

description LAN Interface to CJF

ip address xxx

ip access-group 103 in

ip access-group 103 out

ip nat outside

no ip mroute-cache

duplex auto

speed auto

!

interface FastEthernet0/1.2

encapsulation dot1Q 3

ip address xxx

ip helper-address 10.100.1.28

no ip redirects

ip nat inside source statice "local IP" "outside IP" extendable

Labels:
0 Helpful
4 Replies 4

lgijssel
Level 9
Level 9

‎03-14-2006 10:27 AM

What you get by putting an IP on the interface is a connection with the native vlan.

This will only work when the other side also supports packets -without- dot1Q encapsulation.

Regards,

Leo

0 Helpful

schadmin
Level 1
Level 1
In response to lgijssel

‎03-14-2006 10:38 AM

Ok. Then 1 more question. Is it possible to do a static NAT translation to an IP that is not defined on an interface? Does the below configuration work?

interface FastEthernet0/0

description WAN Interface To Wireless

ip address 192.168.20.1 255.255.255.0

ip access-group 100 in

ip access-group 100 out

no ip mroute-cache

duplex auto

speed auto

!

interface Serial0/0

ip address 192.168.253.250 255.255.255.252

ip nat inside

!

interface FastEthernet0/1

description LAN Interface to CJF

ip address 10.100.112.1 255.255.248.0

ip access-group 103 in

ip access-group 103 out

ip nat outside

no ip mroute-cache

duplex auto

speed auto

!

interface FastEthernet0/1.2

encapsulation dot1Q 3

ip address 10.100.128.1 255.255.248.0

ip helper-address 10.100.1.28

no ip redirects

ip nat inside source static 172.16.1.3 10.100.112.10 extendable

all I see in the nat table is the following:

HCJFROUTER#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

--- 10.100.112.10 172.16.1.3 --- ---

I am trying to figure out why I can't NAT and reach 172.16.1.3 when going to 10.100.112.10

0 Helpful

Michael Stuckey
Level 3
Level 3
In response to schadmin

‎03-14-2006 01:59 PM

You have to have 2 interfaces doing nat if you want to nat. An inside and an outside. You do not have ip nat inside on any interface. To do natting you must go from one nat interface to another nat interface. Look at the example links I sent previously. This example config you are showing us will not do any nat. I do not think the ip nat inside source will even work properly without a "ip nat inside" on an interface that it is set up for.

If this helps please rate.

Mike

0 Helpful

Michael Stuckey
Level 3
Level 3

‎03-14-2006 10:56 AM

This configuration is in complete. Here is a link that can get you started.

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_configuration_example09186a0080093f8e.shtml

This TAC case has an example for extendable use.

http://www.ciscotaccc.com/iprout/showcase?case=K75019454

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents