Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
172
Views
0
Helpful
7
Replies

how PAT not working on cisco router?

Herman2018
Level 3
Level 3

ā€Ž01-03-2025 01:30 AM

hi, I am trying to config PAT on the router SAC01, configured the nat as shown below. IP address translation happened when I ping the external server ip with the source IP 10.10.1.1- interface g0/0 of SAC01, but when ping from VPC, then NAT is not working. the source ip doesn't translated. Can someone please help advise why it doesn't work? I test on eve-ng, Thanks in advance! 

 

Config on SAC01

int g0/0

ip add 10.10.1.1 255.255.255.0 

ip nat inside

 

int g0/1

ip addr 10.20.1.1 255.255.255.0

ip nat outside

ip nat inside source list 1 interface GigabitEthernet0/1 overload

access-list 1 permit any

config on VPC

IP Address: 10. 10.1.10 255.255.255.0 ,gateway 10.10.1.1

can ping the gateway IP ( the ip address of SAC01 interface g0/0)

 

 

Herman2018_0-1735895911510.png

 

0 Helpful
7 Replies 7

M02@rt37
VIP
VIP

ā€Ž01-03-2025 01:38 AM - edited ā€Ž01-03-2025 01:40 AM

Hello @Herman2018 

Enable debug to check NAT in action:

debug ip nat

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

MHM Cisco World
VIP
VIP

ā€Ž01-03-2025 01:40 AM

How router config as CoreSW??

MHM

0 Helpful

Herman2018
Level 3
Level 3
In response to MHM Cisco World

ā€Ž01-03-2025 05:10 AM

Thanks M02@rt37  for your response, on the core switch, just configured the ports G0/0 and G0/2 to the same vlan (access vlan), I ca@n ping 10.10.1.1(SAC01 interface G0/0) from VPC. 

Thanks @MHM Cisco World for your advice, I have turn on debug , there is no output and nat table is empty. But when I ping to external server with the source IP 10.10.1.1 (local interface ), then can see the source IP is translated to external interface IP. I also turned on debug ip icmp on the server, the source IP is still VPC when ping from VPC. 

thanks @Scott Leport for your advice, I think the routing should be correct. For VPC, the gateway is 10.10.1.1 (SAC01 interface G0/0), and there is static route for the outbound traffics on SAC01. 

 

0 Helpful

M02@rt37
VIP
VIP
In response to Herman2018

ā€Ž01-03-2025 05:35 AM

Please

Enable debug to check NAT in action:

debug ip nat

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

MHM Cisco World
VIP
VIP
In response to Herman2018

ā€Ž01-03-2025 05:57 AM

I ask about coreSW if it L3 device then traffic not reach NATing device 

MHM

0 Helpful

Scott Leport
Level 7
Level 7

ā€Ž01-03-2025 02:17 AM

Hi, 

I just labbed up something very similar in EVE-NG and NAT translation works as expected for me. Assuming static routing here, make sure that your routing end-to-end is good. 

0 Helpful

paul driver
VIP
VIP

ā€Ž01-03-2025 11:47 AM

Hello
try the following:

SAC01
conf t
no access-list 1 
access-list 1 permit 10.10.1.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 gig0/1 10.20.1.x <next hop interface ip>


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the communityā€™s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card