Showing results for 
Search instead for 
Did you mean: 

Confused about NAT process, Please Help


Can anyone please inform me why I am not getting expected result from the NAT process? I have included a Packet Tracer file.

Please view the configuration of two routers to know the details of the diagram.

Following activities are currently working properly in the Network diagram.

  1. There      are 3 VLANs, Computers from one VLAN can communicate with other VLAN. DHCP      servers are providing address to the hosts in different VLAN.
  2. Router      “Gateway” translates some private ip address to registered public ip      address based on the Access list
  3. “Show      IP access-list” showing the counters of matching packets, on “Gateway”      router.
  4. “IP      nat translation” showing Translation of Private Addresses based on ACL

As I have implemented an ACL on serial 0/0 inbound direction, I want Router “ISP” should block any private IP address coming from the “Gateway” Router.

On the router “Gateway” I have intentionally denied some private IP addresses in the access list, so that it can not take part in IP NAT translation process.


When I am using “tracert” from any Host computers it is showing the time to reach that IP address, but it cant ping that address

When I am using “tracert” from any servers, its showing “destination host unreachable”.

When I am using the Simulation mode of Packet tracer, simulation shows packets are generating from host computers, can reach and come back to the same host, but result is showing “Failed”.

“Show access-list” command on “ISP” router showing increasing counters only against “permit ip any any”. But counter are not increasing when I am sending packets from any servers (for those packets, which I don’t want to translate through the NAT process). In that case, when I am sending packets from any servers, counters against “deny ip any” should increase in the “ISP router.

Can anyone please help?

1 Reply 1


Hi Abhijit

Do you have the ACL and NAT configurations to troubleshoot more ? you can mark off public IP addresses and replace it by x.x.x.x , if required.. Also I'm not able to open the packet trace attached.. not sure which app i should use to open this..

Also if you have a very basic layout of your architecture, it will help us troubleshoot better.. As I see from your post, you have a layer 3 switch with 3 vlans configured (2 user vlans, 1 server vlan) ? do u want to block access between your local vlans ? or access from outside coming into your gateway device ?


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: