cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1323
Views
10
Helpful
7
Replies

NAT Configuration

martynch1
Level 1
Level 1

Hi All, I hoping you can help me out with the NAT below, I can ping 8.8.8.8 so verified that I have external connectivity.

Topology
Cisco Router > Trunk port to Cisco Switch > Trunk to Cisco AP

My laptop on WiFi gets an IP address of 192.168.10.1/24 with a GW of 254 which I can ping, I can not get out to the Internet though, tracing fails at .254, below is my Router config: -

 

ip dhcp excluded-address 192.168.20.254
ip dhcp excluded-address 192.168.30.254
ip dhcp excluded-address 192.168.40.254
!
ip dhcp pool CAWFC
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 1.1.1.1 8.8.8.8
!
ip dhcp pool FSM
network 192.168.20.0 255.255.255.0
dns-server 1.1.1.1 8.8.8.8
default-router 192.168.20.254
!
ip dhcp pool THERA
network 192.168.30.0 255.255.255.0
dns-server 1.1.1.1 8.8.8.8
default-router 192.168.30.254
!
ip domain lookup source-interface Ethernet0.101
ip domain name CAWFC
ip name-server 8.8.8.8
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
switchport trunk allowed vlan 1,10,20,30,1002-1005
switchport mode trunk
no ip address
!
interface GigabitEthernet7
description LAN LINK
switchport mode trunk
no ip address
spanning-tree portfast
!
interface Vlan10
description CAWFC
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
description FSM
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan30
description THERA
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan100
description Management
ip address 192.168.100.254 255.255.255.0
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat pool CAWFC 192.168.10.0 192.168.10.254 netmask 255.255.255.0
ip nat pool FSM 192.168.20.0 192.168.20.254 netmask 255.255.255.0
ip nat pool THERA 192.168.30.0 192.168.30.254 netmask 255.255.255.0
ip nat inside source list CAWFC interface Ethernet0.101 overload
ip nat inside source list FSM interface Ethernet0.101 overload
ip nat inside source list THERA interface Ethernet0.101 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list standard SSH_ACCESS
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any

 

Could you let me know why this is not working please?

Thanks,

Chet

7 Replies 7

The interface referenced in the nat statement should be the outside interface. In your case, that would Dialer1. You aren't referencing the nat pool's you defined, but those would have to be outside addresses if you were using them.

No sure I follow, sorry

@martynch1 

You've configured nat but the list you are referencing is the NAT pool, change this to your ACL called "NAT".

Good catch. I missed that part. If you used that ACL, you would only a single statement of "ip nat".

ip nat inside source list NAT interface Dialer1 overload

So this:

ip nat inside source list NAT interface Dialer1 overload
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any

Yes, try that.

Hello
try the folowing
int dailer 1
ip mtu 1492
ip tcp adjust-mss 1452
ppp ipcp dns request
exit
ip nat inside source list NAT interface dialer1 overload


no ip nat inside source list CAWFC interface Ethernet0.101 overload
no ip nat inside source list FSM interface Ethernet0.101 overload
noip nat inside source list THERA interface Ethernet0.101 overload


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card