Dynamic NAT problem

andnagy122
Level 1

Hi everyone,


I just have a question: why doesn't dynamic NAT in my PT-lab operate at all?


The design includes 2 routers connected to each other via a subnet of 211.90.33.0 /25 (router interface IPs: 211.90.33.41 and 42, interfaces Fa1/0 on Router1 and Fa0/0 on Router2).
Two hosts are connected to each router; the hosts have the IPs 172.20.10.2 /28, 172.20.20.2 /28, 172.20.30.2 /28 and 172.20.40.2 /28 (gateway IPs are the .1s from these subnets, correctly configured on all the hosts).
As I said, I'd like to make dynamic NAT work.


The configurations on the two routers are as follows:


Router1:


interface FastEthernet0/0
ip address 172.20.10.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.20.20.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 210.90.33.41 255.255.255.128
ip access-group 11 out
ip nat outside
duplex auto
speed auto


ip nat pool Test1 210.90.33.1 210.90.33.5 netmask 255.255.255.128
ip nat inside source list 11 pool Test1
ip classless
!
access-list 11 permit 172.20.10.0 0.0.0.16
access-list 11 permit 172.20.20.0 0.0.0.16


On Router2:


interface FastEthernet0/0
ip address 210.90.33.42 255.255.255.128
ip access-group 22 out
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.20.30.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 172.20.40.1 255.255.255.240
ip nat inside
duplex auto
speed auto


ip nat pool Test2 210.90.33.6 210.90.33.10 netmask 255.255.255.128
ip nat inside source list 22 pool Test2
ip classless
!
access-list 22 permit 172.20.30.0 0.0.0.16
access-list 22 permit 172.20.40.0 0.0.0.16


Do you have any idea why this configuration doesn't work?


Thank you in advance!
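
An added check, not part of the original thread: it evaluates the posted standard ACL entries the way IOS applies wildcard masks (bits set to 1 are ignored) against the posted host addresses, next to a 0.0.0.15 wildcard, which is the inverse of the 255.255.255.240 interface mask. The function names and the comparison list are assumptions made for this example.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(src, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored,
    every other bit of src must equal the ACL entry's address."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(base) & care)

def acl_permits(src, entries):
    """Standard ACL with permit entries only; implicit deny at the end."""
    return any(entry_matches(src, base, wc) for base, wc in entries)

def matched_addresses(base, wildcard):
    """Enumerate every address a single entry matches (small wildcards only)."""
    wc = to_int(wildcard)
    results = [to_int(base) & ~wc & 0xFFFFFFFF]
    for bit in (1 << i for i in range(32) if wc >> i & 1):
        results += [a | bit for a in results]
    return [str(ipaddress.IPv4Address(a)) for a in sorted(results)]

# access-list 11 exactly as posted for Router1
ACL_11_POSTED = [("172.20.10.0", "0.0.0.16"), ("172.20.20.0", "0.0.0.16")]
# Constructed comparison list: same networks, wildcard inverse of 255.255.255.240
ACL_11_SLASH28 = [("172.20.10.0", "0.0.0.15"), ("172.20.20.0", "0.0.0.15")]
# Inside hosts on Router1 as described in the post
HOSTS_R1 = ["172.20.10.2", "172.20.20.2"]

if __name__ == "__main__":
    for host in HOSTS_R1:
        print(host,
              "posted list:", acl_permits(host, ACL_11_POSTED),
              "| 0.0.0.15 list:", acl_permits(host, ACL_11_SLASH28))
    print("0.0.0.16 entry matches only:",
          matched_addresses("172.20.10.0", "0.0.0.16"))
```

A source address that no entry of the list named in `ip nat inside source list` permits is not selected for translation from the pool.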

4 Replies

I think you need static NAT so each host is NATted to a specific IP address, because at the moment, say host 172.20.10.2 wants to communicate with host 172.20.40.2, it doesn't know which address to use in the 210.90.33.6 - 10 range. So assign host 172.20.40.2 an address of 210.90.33.6; 172.20.10.2 would then communicate with 210.90.33.6.

HTH

Richard

Hi,

I corrected my configuration as you advised but it still doesn't work correctly.

This time I tried to make the routers forward ICMP packets (ping) between the hosts before configuring static NAT, but it didn't succeed. However, both routing tables have entries for all the subnets, so I don't see the problem.

In this way, NAT also doesn't work.

A basic question: is the routing part configured properly?

If packets are not routed to the proper interfaces, NAT is not going to happen. 

Have you configured static NAT on both routers?

If you do a "sh ip arp" on both routers, do you see the static public addresses of the hosts?

Can you ping the hosts from the opposing routers?
