Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Dynamic NAT problem

Hi everyone,


I just have a question: why doesn't dynamic NAT in my PT-lab operate at all?


The design includes 2 routers connected to each other via subnet of 211.90.33.0 /25 (router interface IPs: 211.90.33.41 and 42, interfaces Fa1/0 on Router1 and Fa0/0 on Router2).
2-2 hosts are connected to each router, which hosts have the IPs of 172.20.10.2 /28, 172.20.20.2 /28, 172.20.30.2 /28 and 172.20.40.2 /28 (gateway IPs are .1s from these subnets - correctly configured on all the hosts).
As I said, I'd like to make dynamic NAT work.


Configuration on the two routers are as follows:


Router1:


interface FastEthernet0/0
ip address 172.20.10.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.20.20.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 210.90.33.41 255.255.255.128
ip access-group 11 out
ip nat outside
duplex auto
speed auto


ip nat pool Test1 210.90.33.1 210.90.33.5 netmask 255.255.255.128
ip nat inside source list 11 pool Test1
ip classless
!
access-list 11 permit 172.20.10.0 0.0.0.16
access-list 11 permit 172.20.20.0 0.0.0.16


On Router2:


interface FastEthernet0/0
ip address 210.90.33.42 255.255.255.128
ip access-group 22 out
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.20.30.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 172.20.40.1 255.255.255.240
ip nat inside
duplex auto
speed auto


ip nat pool Test2 210.90.33.6 210.90.33.10 netmask 255.255.255.128
ip nat inside source list 22 pool Test2
ip classless
!
access-list 22 permit 172.20.30.0 0.0.0.16
access-list 22 permit 172.20.40.0 0.0.0.16


Do you have any idea why this configuration doesn't work?


Thank you in advance!

4 REPLIES

I think you need static NAT

I think you need static NAT  so each host is Natted to a specific IP address. because at the moment

say host  172.20.10.2 whats to communicate with host 172.20.40.2, it doesn't know address to use in the 210.90.33.6 - 10 range, so assign host 172.20.40.2 an address of 210.90.33.6, then 172.20.10.2 would then communicate with 210.90.33.6.

HTH

Richard

New Member

Hi,

Hi,

I corrected my configuration as you advised but it still doesn't work correctly.

This time I tried to make routers forward ICMP packets (ping) between the hosts before configuring static NAT but it didn't succeed, however, both routing tables have entries to all the subnets so I don't see the problem..

In this way, NAT also doesn't work.

Bronze

A basic question, is the

A basic question, is the routing part configured properly?

If packets are not routed to the proper interfaces, NAT is not going to happen. 

Have you configured static

Have you configured static NAT on both routers?

if you do a "sh ip arp" on both routers do you see the static public addresses of the hosts?

can you ping the hosts from the opposing routers?

140
Views
0
Helpful
4
Replies
CreatePlease to create content