Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1459
Views
0
Helpful
6
Replies

NAT not translating

ildar94
Level 1
Level 1

‎01-17-2020 05:04 AM

Hi all. I have problem with nat and i dont find problem, two router where nat work and 1 rouret with dont working nat.

Please help me.

My topology:

topology.JPG

 

config in problem router:

!

ip dhcp excluded-address 10.200.16.1

ip dhcp excluded-address 10.200.32.1

ip dhcp excluded-address 10.200.48.1

ip dhcp excluded-address 10.200.64.1

!

ip dhcp pool sub-vlan10

network 10.200.16.0 255.255.240.0

default-router 10.200.16.1

dns-server 82.142.150.45

domain-name isp_vrn.ru

ip dhcp pool sub-vlan20

network 10.200.32.0 255.255.240.0

default-router 10.200.32.1

dns-server 82.142.150.45

domain-name isp_vrn.ru

ip dhcp pool sub-vlan30

network 10.200.48.0 255.255.240.0

default-router 10.200.48.1

dns-server 82.142.150.45

domain-name ips_vrn.ru

ip dhcp pool sub-vlan40

network 10.200.64.0 255.255.240.0

default-router 10.200.64.1

dns-server 82.142.150.45

domain-name ips_vrn.ru

!

!

!

ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO2911/K9 sn FTX1524775K-

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0

ip address 46.32.150.65 255.255.255.252

ip nat outside

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

ip nat inside

duplex auto

speed auto

!

interface GigabitEthernet0/1.10

encapsulation dot1Q 10

ip address 10.200.16.1 255.255.240.0

ip nat inside

!

interface GigabitEthernet0/1.20

encapsulation dot1Q 20

ip address 10.200.32.1 255.255.240.0

ip nat inside

!

interface GigabitEthernet0/1.30

encapsulation dot1Q 30

ip address 10.200.48.1 255.255.240.0

ip nat inside

!

interface GigabitEthernet0/1.40

encapsulation dot1Q 40

ip address 10.200.64.1 255.255.240.0

ip nat inside

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

shutdown

!

interface Vlan1

no ip address

shutdown

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 46.32.150.66

!

ip flow-export version 9

!

!

access-list 1 permit 10.240.0.0 0.0.255.255

!

package.JPG

 

 

 

dont_translate.JPG

 

 

I dont understand, why adresses don't translated?

 

Also i Have another rourer where nat working.

!

!

interface GigabitEthernet0/0

no ip address

ip nat inside

duplex auto

speed auto

!

interface GigabitEthernet0/0.100

encapsulation dot1Q 100

ip address 10.10.10.1 255.255.255.0

ip helper-address 10.10.1.2

ip access-group buh-acl out

ip nat inside

!

interface GigabitEthernet0/0.200

encapsulation dot1Q 200

ip address 10.10.20.1 255.255.255.0

ip helper-address 10.10.1.2

ip access-group mng-acl out

ip nat inside

!

interface GigabitEthernet0/0.300

encapsulation dot1Q 300

ip address 10.10.30.1 255.255.255.0

ip helper-address 10.10.1.2

ip access-group tech-in in

ip access-group tech-acl out

ip nat inside

!

interface GigabitEthernet0/0.500

encapsulation dot1Q 500

ip address 10.10.50.1 255.255.255.0

ip helper-address 10.10.1.2

ip access-group sales-in in

ip access-group sales-in out

ip nat inside

!

interface GigabitEthernet0/0.999

encapsulation dot1Q 999

ip address 10.10.99.1 255.255.255.0

ip helper-address 10.10.1.2

ip access-group dir-acl out

ip nat inside

!

interface GigabitEthernet0/0.1000

encapsulation dot1Q 1000

ip address 10.10.1.1 255.255.255.0

ip nat inside

!

interface GigabitEthernet0/1

ip address 46.32.130.65 255.255.255.252

ip nat outside

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

shutdown

!

interface Vlan1

no ip address

shutdown

!

interface Vlan100

mac-address 00e0.f99a.0d01

no ip address

ip helper-address 10.10.1.2

ip nat inside

!

interface Vlan1000

mac-address 00e0.f99a.0d02

no ip address

ip nat inside

!

ip nat inside source list 1 interface GigabitEthernet0/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 46.32.130.66

!

ip flow-export version 9

!

!

ip access-list extended sales-in

deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255

deny ip 10.10.20.0 0.0.0.255 10.10.50.0 0.0.0.255

deny ip 10.10.30.0 0.0.0.255 10.10.50.0 0.0.0.255

deny ip 10.10.99.0 0.0.0.255 10.10.50.0 0.0.0.255

permit ip any any

ip access-list extended buh-acl

deny ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255

deny ip 10.10.30.0 0.0.0.255 10.10.10.0 0.0.0.255

deny ip 10.10.50.0 0.0.0.255 10.10.10.0 0.0.0.255

deny ip 10.10.99.0 0.0.0.255 10.10.10.0 0.0.0.255

permit ip any any

ip access-list extended tech-acl

deny ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255

deny ip 10.10.20.0 0.0.0.255 10.10.30.0 0.0.0.255

deny ip 10.10.50.0 0.0.0.255 10.10.30.0 0.0.0.255

deny ip 10.10.99.0 0.0.0.255 10.10.30.0 0.0.0.255

permit ip any any

ip access-list extended dir-acl

deny ip 10.10.10.0 0.0.0.255 10.10.99.0 0.0.0.255

deny ip 10.10.20.0 0.0.0.255 10.10.99.0 0.0.0.255

deny ip 10.10.30.0 0.0.0.255 10.10.99.0 0.0.0.255

deny ip 10.10.50.0 0.0.0.255 10.10.99.0 0.0.0.255

permit ip any any

ip access-list extended mng-acl

deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255

deny ip 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255

deny ip 10.10.50.0 0.0.0.255 10.10.20.0 0.0.0.255

deny ip 10.10.99.0 0.0.0.255 10.10.20.0 0.0.0.255

permit ip any any

access-list 1 permit 10.10.0.0 0.0.255.255

!

translation.JPG

0 Helpful
6 Replies 6

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎01-17-2020 05:19 AM - edited ‎01-17-2020 05:20 AM

Hello,

as you can see, the default gateway on your router is not pingable, check this connection firstly.

"ip route 0.0.0.0 0.0.0.0 46.32.150.66" << this address is not available according your attached files.. check it firstly and try again.

 

1. Check if both routers if their interfaces are up/up.

2. Check if the address is correctly on both routers.

3. Check if the connection is establish pinging it.

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

ildar94
Level 1
Level 1
In response to Jaderson Pessoa

‎01-17-2020 05:49 AM

config from router 46.32.150.66:

!

interface GigabitEthernet0/0/0

ip address 192.168.1.10 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/0/1

ip address 46.32.150.66 255.255.255.252

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

router bgp 5

bgp log-neighbor-changes

no synchronization

neighbor 192.168.1.1 remote-as 2

neighbor 192.168.1.20 remote-as 3

network 46.32.150.64 mask 255.255.255.252

!

ip classless

!

ip flow-export version 9

!

!

 

ping from problem router to interten over gateway successfull.

 

 

0 Helpful

Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to ildar94

‎01-17-2020 05:54 AM

Could you post here the full config from both routers?

That has issue with nat and that is current gateway .64 network.
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Georg Pauwen
VIP
VIP

‎01-17-2020 05:57 AM

Hello,

 

looking at your configuration, it seems to me that the access list:

 

access-list 1 permit 10.240.0.0 0.0.255.255

 

does not match any of the configured IP addresses on the problem router. Change it to:

 

access-list 1 permit 10.200.0.0 0.0.255.255

0 Helpful

ildar94
Level 1
Level 1
In response to Georg Pauwen

‎01-18-2020 02:19 AM

Ooo, sure. Thank you a lot. I mixed up the second octet of the network with a mask and don't see)))).

0 Helpful

Georg Pauwen
VIP
VIP
In response to ildar94

‎01-18-2020 03:31 AM

So it is working now ? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card