Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
331
Views
1
Helpful
8
Replies

Getting NAT Translations but no internet

Alkemyst1971
Level 1
Level 1

‎06-07-2024 07:56 AM - edited ‎06-07-2024 08:13 AM

This is my router config:

interface GigabitEthernet0/0.168
description Security Desk
encapsulation dot1Q 168
ip address 192.168.0.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in

ip nat inside source route-map SECURITY_DESK interface GigabitEthernet0/0.168 overload

route-map SECURITY_DESK permit 10
match ip address 168

ip route 192.168.0.0 255.255.255.0 PUBLIC_IP

access-list 168 permit ip 192.168.0.0 0.0.0.255 any


It's building translations, but somehow the traffic is not leaving the router for the internet.  What am I doing wrong?

 

EDIT:  I notice I am getting a 192.168.0.1 address for my inside global instead of a public IP.  Not sure why that is happening.

 

 

 

Labels:
0 Helpful
8 Replies 8

MHM Cisco World
VIP
VIP

‎06-07-2024 07:59 AM

You need to use 

Ip nat outside 

Not 

Ip nat inside 

Under this interface 

MHM

0 Helpful

Alkemyst1971
Level 1
Level 1
In response to MHM Cisco World

‎06-07-2024 09:33 AM

Thanks, but I caught was I did.  The inside interface is correct, however; I needed to nat back to my outside interface.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Alkemyst1971

‎06-07-2024 09:53 AM

I dont get your comment 

It mandatory to use 

Ip nat outside 

Under interface use for NAT overload

MHM

0 Helpful

Alkemyst1971
Level 1
Level 1
In response to MHM Cisco World

‎06-07-2024 10:34 AM

My full config:

interface GigabitEthernet0/0.168
description Security Desk
encapsulation dot1Q 168
ip address 192.168.0.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.423
description Causeway Sec_desk Handoff
encapsulation dot1Q 423
no ip vrf forwarding verity-1001
ip address PUBLIC_IP.262 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
ip nat inside source route-map SECURITY_DESK interface GigabitEthernet0/2.423 overload

route-map SECURITY_DESK permit 10
match ip address 168

ip route 192.168.0.0 255.255.255.0 PUBLIC_IP.161

access-list 168 permit ip 192.168.0.0 0.0.0.255 any

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Alkemyst1971

‎06-07-2024 10:37 AM

ip route 0.0.0.0 0.0.0.0 PUBLIC_IP.161

This need

MHM

0 Helpful

Alkemyst1971
Level 1
Level 1
In response to MHM Cisco World

‎06-07-2024 10:51 AM

default route is a different circuit.  It's all working now.

 

MHM Cisco World
VIP
VIP
In response to Alkemyst1971

‎06-07-2024 12:24 PM

Glad your issue solved 

Have a nice day

MHM

0 Helpful

paul driver
VIP
VIP

‎06-07-2024 09:51 AM

Hello
Example base on your OP:

int x.x
no shut
int x.x.168
encapsulation dot1Q 168
description  WAN
ip address 1.1.1.1 255.255.255.252
ip nat outside

int x.x
description  LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside

ip access-list extended 168
permit ip 192.168.0.0 0.0.0.255 any

route-map LAN
match ip address 168

ip nat inside source route-map LAN interface <WAN> overload
ip route 0.0.0.0 0.0.0.0 <WAN interface> 1.1.1.2


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card