Can anyone please inform me why I am not getting expected result from the NAT process? I have included a Packet Tracer file.
Please view the configuration of two routers to know the details of the diagram.
Following activities are currently working properly in the Network diagram.
There are 3 VLANs, Computers from one VLAN can communicate with other VLAN. DHCP servers are providing address to the hosts in different VLAN.
Router “Gateway” translates some private ip address to registered public ip address based on the Access list
“Show IP access-list” showing the counters of matching packets, on “Gateway” router.
“IP nat translation” showing Translation of Private Addresses based on ACL
As I have implemented an ACL on serial 0/0 inbound direction, I want Router “ISP” should block any private IP address coming from the “Gateway” Router.
On the router “Gateway” I have intentionally denied some private IP addresses in the access list, so that it can not take part in IP NAT translation process.
When I am using “tracert 100.100.100.102” from any Host computers it is showing the time to reach that IP address, but it cant ping that address
When I am using “tracert 100.100.100.102” from any servers, its showing “destination host unreachable”.
When I am using the Simulation mode of Packet tracer, simulation shows packets are generating from host computers, can reach and come back to the same host, but result is showing “Failed”.
“Show access-list” command on “ISP” router showing increasing counters only against “permit ip any any”. But counter are not increasing when I am sending packets from any servers (for those packets, which I don’t want to translate through the NAT process). In that case, when I am sending packets from any servers, counters against “deny ip 172.16.0.0 0.0.15.255 any” should increase in the “ISP router.
Do you have the ACL and NAT configurations to troubleshoot more ? you can mark off public IP addresses and replace it by x.x.x.x , if required.. Also I'm not able to open the packet trace attached.. not sure which app i should use to open this..
Also if you have a very basic layout of your architecture, it will help us troubleshoot better.. As I see from your post, you have a layer 3 switch with 3 vlans configured (2 user vlans, 1 server vlan) ? do u want to block access between your local vlans ? or access from outside coming into your gateway device ?