NAT on layer 3 Switch

terrysk68
Level 1

Good day everyone,

I have a layer 3 switch, no router, in the topology with 4 VLANs; inter-VLAN routing is enabled and all devices can communicate between VLANs. I have a connection to the internet (that allows me to VPN into the network to get to my devices) that is managed by another team. The team gave me a subnet to give my devices so I could access them. What information do I need from them to enable NAT so my devices can access the internet via that connection?

1 Accepted Solution

The VPN will look like a direct-connect link.
Only configure
ip route 0.0.0.0 0.0.0.0 <VPN interface>
and the traffic from your SW will go without NATing, and the other side will do the NATing.

8 Replies

You need to know the internal subnets which need internet access and allow NAT for those subnets. Check the guide below:

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/217419-configure-and-verify-nat-on-catalyst-900.html

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Thank you for the guide, I will read it.

Hello,

Post a diagram of your topology that shows how you are connected to the Internet, and where the VPN is terminated (your PC, a VPN router?).

Also, what switch model do you have? Post the running configuration (sh run) of that switch as well.

I have a 9300 switch and I've attached a copy of the topology... They decided to use the layer 3 switch as the way out instead of the router; I guess they have their reasons.

Screenshot_20220810-092233_Gallery.jpg

Hello,

--> I have a connection to the internet (that allows me to VPN into the network to get to my devices)

I am not really clear yet on what you want to accomplish. Post the running configuration (sh run) of the switch, and put a description on the outgoing interface so we can see which interface that is...

I'm trying to get my 4 subnets to get out to the internet via my connection on interface 4. Right now I have my subnets and a connection from my network team. How will I route my subnets to get out to the internet?

Thank you for this nugget; someone else here suggested the same thing.
