ā06-07-2024 07:56 AM - edited ā06-07-2024 08:13 AM
This is my router config:
interface GigabitEthernet0/0.168
description Security Desk
encapsulation dot1Q 168
ip address 192.168.0.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
ip nat inside source route-map SECURITY_DESK interface GigabitEthernet0/0.168 overload
route-map SECURITY_DESK permit 10
match ip address 168
ip route 192.168.0.0 255.255.255.0 PUBLIC_IP
access-list 168 permit ip 192.168.0.0 0.0.0.255 any
It's building translations, but somehow the traffic is not leaving the router for the internet. What am I doing wrong?
EDIT: I notice I am getting a 192.168.0.1 address for my inside global instead of a public IP. Not sure why that is happening.
ā06-07-2024 07:59 AM
You need to use
Ip nat outside
Not
Ip nat inside
Under this interface
MHM
ā06-07-2024 09:33 AM
Thanks, but I caught was I did. The inside interface is correct, however; I needed to nat back to my outside interface.
ā06-07-2024 09:53 AM
I dont get your comment
It mandatory to use
Ip nat outside
Under interface use for NAT overload
MHM
ā06-07-2024 10:34 AM
My full config:
interface GigabitEthernet0/0.168
description Security Desk
encapsulation dot1Q 168
ip address 192.168.0.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.423
description Causeway Sec_desk Handoff
encapsulation dot1Q 423
no ip vrf forwarding verity-1001
ip address PUBLIC_IP.262 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
ip nat inside source route-map SECURITY_DESK interface GigabitEthernet0/2.423 overload
route-map SECURITY_DESK permit 10
match ip address 168
ip route 192.168.0.0 255.255.255.0 PUBLIC_IP.161
access-list 168 permit ip 192.168.0.0 0.0.0.255 any
ā06-07-2024 10:37 AM
ip route 0.0.0.0 0.0.0.0 PUBLIC_IP.161
This need
MHM
ā06-07-2024 10:51 AM
default route is a different circuit. It's all working now.
ā06-07-2024 12:24 PM
Glad your issue solved
Have a nice day
MHM
ā06-07-2024 09:51 AM
Hello
Example base on your OP:
int x.x
no shut
int x.x.168
encapsulation dot1Q 168
description WAN
ip address 1.1.1.1 255.255.255.252
ip nat outside
int x.x
description LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip access-list extended 168
permit ip 192.168.0.0 0.0.0.255 any
route-map LAN
match ip address 168
ip nat inside source route-map LAN interface <WAN> overload
ip route 0.0.0.0 0.0.0.0 <WAN interface> 1.1.1.2
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide