lmnlis
Beginner

Can't ping other network using NAT (PAT)

I am trying to ping an end device from another network through the Internet (ISP layer 3 switch) using NAT overload on both routers. Is it possible, or is it really normal to not be able to ping because of a single public IP? I am able to ping the loopback address and other devices but not hosts.

Georg Pauwen
VIP Expert

Hello,

if this is a Packet Tracer project, post the zipped project (.pkt) file.

The pkt file in zip has been posted. Thanks.

Hello,

There were a few things missing in your config. The right router had no 'ip nat inside source list' configured, so no NAT at all was taking place on that side. An access list that uses 'permit any' is usually not a good idea; I changed that to include the actual networks. The revised file is attached. Either way, you will always get a ping response from the outside public address, never from the original, private IP. Think about it this way: most NAT translations use private networks such as 192.168.1.0/24, and these addresses are not routed over the Internet. You cannot get a response from these private space addresses, since everybody is using the same address space.
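The two fixes described in the answer above, sketched as an added example (this is not the attached revised file, and not the poster's configuration). The inside subnet 10.1.1.0/24, ACL number 1 and the interface names are assumptions chosen for illustration.

```cisco
! ---- Before (the state the answer describes) ----
! ACL matches every source, and no 'ip nat inside source list'
! statement exists, so no translation takes place on this router.
access-list 1 permit any
!
! ---- After ----
! Match only the real inside subnet (assumed: 10.1.1.0/24).
no access-list 1
access-list 1 permit 10.1.1.0 0.0.0.255
!
! Mark the LAN-facing and ISP-facing interfaces (names assumed).
interface GigabitEthernet0/0
 ip nat inside
!
interface GigabitEthernet0/1
 ip nat outside
!
! PAT: translate ACL 1 sources to the outside interface address.
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
! ---- Checks after sending a ping from an inside host ----
! show ip nat translations   (an icmp entry should appear)
! show ip nat statistics     (hits counter should increase)
```

With this in place a ping from an inside host to the other site's public address creates a translation entry; a ping aimed at the other site's private address still fails, as the answer explains.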


paul driver
VIP Mentor

Hello

NAT can be used to hide networks, so basically all your 10.x.x.x subnets are hidden from each other building.

To ping an internal host from either building would require you to ping the NATted "public" IP address, not the internal address, and using just the one public address for NAT at each building then means you are using dynamic port address translation (PAT), which means you would only be able to reach a specific internal host by its single NATted public IP AND its port address.

Kind regards
Paul


I'm sorry for not understanding. You mean I should not use dynamic PAT (one public IP with dynamic port numbers) for pinging end-to-end devices, but rather use static NAT?

 

Ideally if you need to communicate with devices behind a public IP you would be setting up a VPN tunnel between the two routers. This eliminates the need for NAT completely as long as the private subnets at each end are different.