Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2820
Views
5
Helpful
8
Replies

NAT on layer 3 Switch

Go to solution
terrysk68
Level 1
Level 1

‎08-09-2022 06:20 PM

Good day everyone,

I have a layer 3 switch no router in the Topology with 4 vlans inter vlan routing is enable all devices can communicate between vlans.  I have a connection to the internet(that allows me to VPN into the network to get to my devices) that is managed by another team.  The team gave me a subnet to give my devices so I could access them. What information do I need from them to enable NAT so my devices can access the internet via that connection?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP

‎08-10-2022 03:02 AM

the VPN will look like direct connect link, 
only config 
ip route 0.0.0.0 0.0.0.0 <VPN interface>
and the traffic from your SW will go without NATing and the other Side will do NATing.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Kasun Bandara
VIP
VIP

‎08-09-2022 08:12 PM

you need to know internal subnet which need internet access and allow NAT for those subnets. check below guide

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/217419-configure-and-verify-nat-on-catalyst-900.html

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Go to solution
terrysk68
Level 1
Level 1
In response to Kasun Bandara

‎08-10-2022 06:12 AM

Thank you for the guide I will read it.
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎08-10-2022 12:04 AM

Hello,

post a diagram of your topology that shows how you are connected to the Internet, and where the VPN is terminated (your PC, a VPN router ?).

Also, what switch modeldo you have ? Post the running configuration (sh run) of that switch as well.

0 Helpful

Go to solution
terrysk68
Level 1
Level 1
In response to Georg Pauwen

‎08-10-2022 06:29 AM

I have a 9300 switch and I've attached a copy of the Topology... they decided to use the layer 3 switch as the way out instead of the router I guess they have their reasons.

Screenshot_20220810-092233_Gallery.jpg

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to terrysk68

‎08-10-2022 10:17 AM

Hello,

-->  I have a connection to the internet(that allows me to VPN into the network to get to my devices

I am not really clear yet on what you want to accomplish. Post the running configuration (sh run) of the switch, and put a description on the outgoing interface so we can see which interface that is...

0 Helpful

Go to solution
terrysk68
Level 1
Level 1
In response to Georg Pauwen

‎08-10-2022 11:18 AM

I'm trying to get my 4 subnets to get out to the internet via my connection on interface 4.  right now I have my subnets and a connection from my network team how will I route my subnets to get out to the internet.

Preview file
5 KB
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎08-10-2022 03:02 AM

the VPN will look like direct connect link, 
only config 
ip route 0.0.0.0 0.0.0.0 <VPN interface>
and the traffic from your SW will go without NATing and the other Side will do NATing.

0 Helpful

Go to solution
terrysk68
Level 1
Level 1
In response to MHM Cisco World

‎08-10-2022 06:30 AM

Thank you for this nugget someone else here suggested the same thing.

Customers Also Viewed These Support Documents