My PAT(NAT overload) is not working

Zaks
Level 1

Current configuration : 1587 bytes
!
! Last configuration change at 14:42:17 UTC Wed Feb 2 2022 by admin
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router-01
!
boot-start-marker
boot-end-marker
!
enable password 7 0822455D0A16
!
no aaa new-model
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name HotelSpoorzicht.local
!
multilink bundle-name authenticated
!
!
username admin password 7 030752180500
!
redundancy
!
!
ip ssh version 2
!
interface GigabitEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.10.30.1 255.255.255.0
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 10.10.40.1 255.255.255.0
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 10.10.50.1 255.255.255.240
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 10 interface GigabitEthernet0/1 overload
!
access-list 10 permit 10.0.0.0 0.255.255.255
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
password 7 00071A150754
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport input ssh
!
scheduler allocate 20000 1000
end


 


Hi

 

NAT with DHCP. Can't you put an IP address there? Don't think it is going to work.

interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

Hi Flavio!

The GigabitEthernet0/1 is my link to the WAN(Internet) so if I do not use a
DHCP I won't be able to get an IP address from the WAN side.

Got it.

 

You should have a route on the router like this:

0.0.0.0 0.0.0.0  >> ISP

Considering you don't know your gateway IP address, then try to put interface GigabitEthernet0/1

 

I tried to do that at first, but for some reason when I did show ip route, I saw that a static default route was configured with the next hop as the WAN IP address, but I tried configuring one manually and that did not help either.

The GigabitEthernet0/1 is my link to the WAN(Internet) so if I do not use a DHCP I won't be able to get an IP address from the WAN side.

Hello,

 

add the lines marked in bold to your configuration:

 

Current configuration : 1587 bytes
!
! Last configuration change at 14:42:17 UTC Wed Feb 2 2022 by admin
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router-01
!
boot-start-marker
boot-end-marker
!
enable password 7 0822455D0A16
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
ip domain name HotelSpoorzicht.local
!
multilink bundle-name authenticated
!
username admin password 7 030752180500
!
redundancy
!
ip ssh version 2
!
interface GigabitEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.10.20.1 255.255.255.0
--> ip nat inside
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.10.30.1 255.255.255.0
--> ip nat inside
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 10.10.40.1 255.255.255.0
--> ip nat inside
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 10.10.50.1 255.255.255.240
--> ip nat inside
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 10 interface GigabitEthernet0/1 overload
!
--> ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
access-list 10 permit 10.0.0.0 0.255.255.255
!
control-plane
!
line con 0
exec-timeout 0 0
password 7 00071A150754
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 0 0
login local
transport input ssh
!
scheduler allocate 20000 1000
end

Hi,

 

Thank you for your message but I would like to know why I have to add those lines.

 

Thanks anyways

Hello,

 

the title of your post is:

 

--> My PAT(NAT overload) is not working

 

These lines are basic NAT configuration. The router needs to know what the inside NAT enabled interfaces are.

Hello


@Zaks wrote:

Thank you for your message but I would like to know why I have to add those lines.


ip nat inside = this specifies the inside NAT domains (interfaces - real IP subnets) that you wish to be translated
ip nat outside = this specifies the outside NAT domains (public facing interfaces) which outside hosts will connect to
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp = is required to route any non-local destination traffic via the public WAN interface.



When translation occurs inside > outside, the local inside real IP address will be translated to the public routable outside interface IP address.

The rtr will perform a route lookup and see that the destination address of the traffic is via the WAN (outside) interface. As traffic is routed towards the outside interface (via the default static route), a network translation will be performed: real IP address <> translated IP address.

Any outside hosts receiving traffic from your router will see the source IP originating from your router's outside interface, so any return traffic will have a destination address of your public WAN IP address.

For the return traffic, as it arrives at your router, the router will see it has a translation entry for that destination port/address. It will perform the translation from the public IP address into the real IP address of your inside host and then perform a route lookup to forward that traffic onwards to the real IP address/port of the inside host.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
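
The two omissions corrected in this thread (sub-interfaces whose addresses match the NAT access list but carry no ip nat inside, and no ip route 0.0.0.0 0.0.0.0 line) can be checked from a saved configuration. The Python below is an added example, not code from any poster or from Cisco; audit_pat, interfaces and the trimmed BROKEN sample are constructed for illustration, and it assumes a standard numbered ACL with permit entries and contiguous wildcard masks. It inspects configuration text only, not the live routing table.

```python
import ipaddress
import re

# Constructed sample, trimmed from the configuration posted in this thread.
BROKEN = """\
interface GigabitEthernet0/0
no ip address
ip nat inside
!
interface GigabitEthernet0/0.20
ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
!
ip nat inside source list 10 interface GigabitEthernet0/1 overload
access-list 10 permit 10.0.0.0 0.255.255.255
"""

def interfaces(cfg):
    """Map interface name -> its sub-commands; a block ends at '!'."""
    blocks, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            cur = blocks.setdefault(line.split()[1], [])
        elif line == "!":
            cur = None
        elif cur is not None and line:
            cur.append(line)
    return blocks

def audit_pat(cfg):
    """Findings for the two omissions fixed in this thread (hypothetical helper)."""
    rule = re.search(r"^\s*ip nat inside source list (\S+) interface \S+ overload", cfg, re.M)
    if not rule:
        return ["no 'ip nat inside source list ... overload' rule"]
    acl, nets, findings = rule.group(1), [], []
    # Standard ACL wildcard -> netmask; assumes contiguous wildcard bits.
    for addr, wild in re.findall(rf"^\s*access-list {re.escape(acl)} permit (\d\S*) (\d\S*)", cfg, re.M):
        mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wild)) ^ 0xFFFFFFFF)
        nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
    for name, cmds in interfaces(cfg).items():
        static = [c.split()[2] for c in cmds if re.match(r"ip address \d", c)]
        if static and "ip nat inside" not in cmds and any(ipaddress.ip_address(static[0]) in n for n in nets):
            findings.append(f"{name}: in ACL {acl} but lacks 'ip nat inside'")
    if not re.search(r"^\s*ip route 0\.0\.0\.0 0\.0\.0\.0 ", cfg, re.M):
        findings.append("no 'ip route 0.0.0.0 0.0.0.0' line")
    return findings
```

Run against the sample, audit_pat(BROKEN) reports GigabitEthernet0/0.20 and the missing default route line; the parent GigabitEthernet0/0 is not reported because it has no address of its own.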