01-12-2025 08:56 PM - edited 01-12-2025 08:57 PM
HI All,
My ISP have provided the below config for a DIA circuit.
WAN Ips are private ones and LAN subnet is public(Subnets are hided in image for security)
I can reach the internet from the LAN public IP(ISP) provided from ISP if I have static route pointed to their WAN ip as below
But if I am trying to reach internet from my internal LAN ip(192.168.2.0/24) it's not working. I have NAT overload were my LAN ip(192.168.x.x) is insidelocal and LAN public IP provided from ISP as Insideglobal. Can any one provide suggestions to make this work..?
Do I need to make sure on routing of my internal LAN..?
Solved! Go to Solution.
01-12-2025 11:23 PM - edited 01-12-2025 11:23 PM
I believe you should config something like this. Your outside interface will have private 10.x IP given by ISP, which makes sense with your default route.
int g0/0/2.4
ip add 10.104.150.210 255.255.255.252
Once you make the above change, try to ping 10.104.150.209 (if allowed from ISP side)
! Configure proper START IP (A) and End IP (B) and subnet mask as given by ISP
ip nat pool NAT-POOL 202.X.X.A 202.X.X.B netmask 255.255.255.0
ip nat inside source list 10 pool NAT-POOL overload
Above config should fix your issue. Let me know if you observe any issues.
01-12-2025 09:04 PM
Could you please share inside interface, outside interface and NAT config (mask your public IP for security)?
01-12-2025 09:47 PM
Ip Nat Outside
IP Nat inside
NAT config
01-12-2025 09:35 PM
Hello @titusroz03
Please verify NAT translations using
#show ip nat translations command
When you try "to reach internet" from you LAN.... you test with icmp or webpage?
01-12-2025 09:40 PM
NO nat Translations are viewed since it hits route first and nat next.
01-12-2025 09:50 PM
When you try "to reach internet" from you LAN.... you test with icmp or webpage?
01-12-2025 11:21 PM
Yes...ICMP from router tested as below
01-13-2025 01:14 AM
Ok @titusroz03
So please check your ACL #10. Ensure that this ACL match tou LAN Netwok.
01-12-2025 11:23 PM - edited 01-12-2025 11:23 PM
I believe you should config something like this. Your outside interface will have private 10.x IP given by ISP, which makes sense with your default route.
int g0/0/2.4
ip add 10.104.150.210 255.255.255.252
Once you make the above change, try to ping 10.104.150.209 (if allowed from ISP side)
! Configure proper START IP (A) and End IP (B) and subnet mask as given by ISP
ip nat pool NAT-POOL 202.X.X.A 202.X.X.B netmask 255.255.255.0
ip nat inside source list 10 pool NAT-POOL overload
Above config should fix your issue. Let me know if you observe any issues.
01-13-2025 05:20 AM
Thank you very much..It worked as expected
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide