Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1023
Views
0
Helpful
4
Replies

Dynamic NAT problem

andnagy122
Level 1
Level 1

‎01-13-2016 08:57 AM - edited ‎03-05-2019 03:07 AM

Hi everyone,


I just have a question: why doesn't dynamic NAT in my PT-lab operate at all?


The design includes 2 routers connected to each other via subnet of 211.90.33.0 /25 (router interface IPs: 211.90.33.41 and 42, interfaces Fa1/0 on Router1 and Fa0/0 on Router2).
2-2 hosts are connected to each router, which hosts have the IPs of 172.20.10.2 /28, 172.20.20.2 /28, 172.20.30.2 /28 and 172.20.40.2 /28 (gateway IPs are .1s from these subnets - correctly configured on all the hosts).
As I said, I'd like to make dynamic NAT work.


Configuration on the two routers are as follows:


Router1:


interface FastEthernet0/0
ip address 172.20.10.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.20.20.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 210.90.33.41 255.255.255.128
ip access-group 11 out
ip nat outside
duplex auto
speed auto


ip nat pool Test1 210.90.33.1 210.90.33.5 netmask 255.255.255.128
ip nat inside source list 11 pool Test1
ip classless
!
access-list 11 permit 172.20.10.0 0.0.0.16
access-list 11 permit 172.20.20.0 0.0.0.16


On Router2:


interface FastEthernet0/0
ip address 210.90.33.42 255.255.255.128
ip access-group 22 out
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.20.30.1 255.255.255.240
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 172.20.40.1 255.255.255.240
ip nat inside
duplex auto
speed auto


ip nat pool Test2 210.90.33.6 210.90.33.10 netmask 255.255.255.128
ip nat inside source list 22 pool Test2
ip classless
!
access-list 22 permit 172.20.30.0 0.0.0.16
access-list 22 permit 172.20.40.0 0.0.0.16


Do you have any idea why this configuration doesn't work?


Thank you in advance!

Labels:
0 Helpful
4 Replies 4

Richard Bradfield
Level 6
Level 6

‎01-14-2016 03:54 PM

I think you need static NAT  so each host is Natted to a specific IP address. because at the moment

say host  172.20.10.2 whats to communicate with host 172.20.40.2, it doesn't know address to use in the 210.90.33.6 - 10 range, so assign host 172.20.40.2 an address of 210.90.33.6, then 172.20.10.2 would then communicate with 210.90.33.6.

HTH

Richard

0 Helpful

andnagy122
Level 1
Level 1
In response to Richard Bradfield

‎01-15-2016 01:24 AM

Hi,

I corrected my configuration as you advised but it still doesn't work correctly.

This time I tried to make routers forward ICMP packets (ping) between the hosts before configuring static NAT but it didn't succeed, however, both routing tables have entries to all the subnets so I don't see the problem..

In this way, NAT also doesn't work.

0 Helpful

zhenningx
Level 4
Level 4
In response to andnagy122

‎01-15-2016 10:08 AM

A basic question, is the routing part configured properly?

If packets are not routed to the proper interfaces, NAT is not going to happen. 

0 Helpful

Richard Bradfield
Level 6
Level 6
In response to andnagy122

‎01-15-2016 01:29 PM

Have you configured static NAT on both routers?

if you do a "sh ip arp" on both routers do you see the static public addresses of the hosts?

can you ping the hosts from the opposing routers?

0 Helpful
Top