Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1298
Views
10
Helpful
7
Replies

NAT Configuration

martynch1
Level 1
Level 1

‎06-26-2021 06:29 AM

Hi All, I hoping you can help me out with the NAT below, I can ping 8.8.8.8 so verified that I have external connectivity.

Topology
Cisco Router > Trunk port to Cisco Switch > Trunk to Cisco AP

My laptop on WiFi gets an IP address of 192.168.10.1/24 with a GW of 254 which I can ping, I can not get out to the Internet though, tracing fails at .254, below is my Router config: -

 

ip dhcp excluded-address 192.168.20.254
ip dhcp excluded-address 192.168.30.254
ip dhcp excluded-address 192.168.40.254
!
ip dhcp pool CAWFC
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 1.1.1.1 8.8.8.8
!
ip dhcp pool FSM
network 192.168.20.0 255.255.255.0
dns-server 1.1.1.1 8.8.8.8
default-router 192.168.20.254
!
ip dhcp pool THERA
network 192.168.30.0 255.255.255.0
dns-server 1.1.1.1 8.8.8.8
default-router 192.168.30.254
!
ip domain lookup source-interface Ethernet0.101
ip domain name CAWFC
ip name-server 8.8.8.8
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
switchport trunk allowed vlan 1,10,20,30,1002-1005
switchport mode trunk
no ip address
!
interface GigabitEthernet7
description LAN LINK
switchport mode trunk
no ip address
spanning-tree portfast
!
interface Vlan10
description CAWFC
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
description FSM
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan30
description THERA
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan100
description Management
ip address 192.168.100.254 255.255.255.0
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat pool CAWFC 192.168.10.0 192.168.10.254 netmask 255.255.255.0
ip nat pool FSM 192.168.20.0 192.168.20.254 netmask 255.255.255.0
ip nat pool THERA 192.168.30.0 192.168.30.254 netmask 255.255.255.0
ip nat inside source list CAWFC interface Ethernet0.101 overload
ip nat inside source list FSM interface Ethernet0.101 overload
ip nat inside source list THERA interface Ethernet0.101 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list standard SSH_ACCESS
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any

 

Could you let me know why this is not working please?

Thanks,

Chet

Labels:
7 Replies 7

Elliot Dierksen
VIP
VIP

‎06-26-2021 06:36 AM

The interface referenced in the nat statement should be the outside interface. In your case, that would Dialer1. You aren't referencing the nat pool's you defined, but those would have to be outside addresses if you were using them.

0 Helpful

martynch1
Level 1
Level 1
In response to Elliot Dierksen

‎06-26-2021 07:37 AM

No sure I follow, sorry

0 Helpful

Rob Ingram
VIP
VIP

‎06-26-2021 06:38 AM

@martynch1 

You've configured nat but the list you are referencing is the NAT pool, change this to your ACL called "NAT".

Elliot Dierksen
VIP
VIP
In response to Rob Ingram

‎06-26-2021 06:42 AM

Good catch. I missed that part. If you used that ACL, you would only a single statement of "ip nat".

ip nat inside source list NAT interface Dialer1 overload
0 Helpful

martynch1
Level 1
Level 1
In response to Rob Ingram

‎06-26-2021 07:36 AM

So this:

ip nat inside source list NAT interface Dialer1 overload
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any

0 Helpful

Elliot Dierksen
VIP
VIP
In response to martynch1

‎06-26-2021 10:10 AM

Yes, try that.

0 Helpful

paul driver
VIP
VIP

‎06-26-2021 10:18 AM - edited ‎06-26-2021 10:19 AM

Hello
try the folowing
int dailer 1
ip mtu 1492
ip tcp adjust-mss 1452
ppp ipcp dns request
exit
ip nat inside source list NAT interface dialer1 overload


no ip nat inside source list CAWFC interface Ethernet0.101 overload
no ip nat inside source list FSM interface Ethernet0.101 overload
noip nat inside source list THERA interface Ethernet0.101 overload


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card