Solved: Re: NAT configured but not working

nealvanrooij · ‎10-01-2020

Hello,

I've been struggling with a NAT issue that I couldn't fix, so I've come to ask for help here.

My lab infrastructure is :

(Device) -- ([fa0/4] Switch Catalyst 3560-C [fa0/1]) -- ([fa0/0.14] Router 1841 [fa0/1])-- (172.16.37.1)

With the device, I can ping up to Router fa0/1, but can't reach 172.16.37.1.

The router can ping the DG and other addresses further behind.

I entered those line on my router's config :

interface FastEthernet0/0.14
  encapsulation dot1Q 14
  ip address 172.20.14.1 255.255.255.0
  ip nat inside

interface FastEthernet0/1
  ip address dhcp
  ip nat outside

ip route 0.0.0.0 0.0.0.0 172.16.37.1

ip access-list standard list1
  permit 172.20.0.0 0.0.255.255

ip nat inside source list list1 interface FastEthernet0/1 overload

I don't see anything that is missing on here and don't understand why my pings and other requests are not going through.

Could anybody help me ?

Thanks a lot,

Neal

Georg Pauwen · ‎10-01-2020

Hello,

the device connecting your school lab network to the Internet needs to NAT your network (172.20.14.0/24, or 172.20.0.0/16) as well, and have a route back to that range.

View solution in original post

MHM Cisco World · ‎10-12-2020

As other mention,
the Router toward word is config via static route,
but the static route is use ip address that always change because it get ip address through the DHCP.
so when time it ip address and other time it different.
so
ip route 0.0.0.0 0.0.0.0 f0/1
try this and see do
show ip route
you must see the static route with next ip hop that relearn from DHCP.

View solution in original post

Georg Pauwen · ‎10-01-2020

Hello,

since you are routing towards a private address (172.16.37.1), what is in front of that router ?

Try and change your configuration to:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 dhcp

!

ip access-list standard list1
permit 172.20.14.0 0.0.0.255

nealvanrooij · ‎10-01-2020

Hello George,

Sorry, I forgot to explain that part. The 172.16.37.1 gateway is my school lab network, which then leads to Internet.

Also, my access list is this wide because I'd like to add more VLANs later.

I'll test your idea. Thanks for the reply

Georg Pauwen · ‎10-01-2020

Hello,

the device connecting your school lab network to the Internet needs to NAT your network (172.20.14.0/24, or 172.20.0.0/16) as well, and have a route back to that range.

nealvanrooij · ‎10-03-2020

Hello,

I tried your idea, but it doesn't seem to work.

I really don't understand what I'm missing here.

Georg Pauwen · ‎10-03-2020

Hello,

can the Internet facing device ping anything in your home network ?

What device is that, can you post the configuration ?

nealvanrooij · ‎10-13-2020

I missed a bit in the configruation, sorry.

Thanks a lot for the answer !

MHM Cisco World · ‎10-12-2020

As other mention,
the Router toward word is config via static route,
but the static route is use ip address that always change because it get ip address through the DHCP.
so when time it ip address and other time it different.
so
ip route 0.0.0.0 0.0.0.0 f0/1
try this and see do
show ip route
you must see the static route with next ip hop that relearn from DHCP.