Solved: NAT on subinterfaces

JUANNN · ‎12-22-2024

Hello,

I have a simple topology on CML 2.7.2:

and I am trying to get NAT to work like the following:

NAT ROUTER

But is not working, on the output of show ip nat tr there is 0 translations being done when I send traffic through G1.10 from HOST (on vlan 10) towards 192.168.1.1 (VLAN 100) or any network past GW (1.1.1.1, 100.100.100.100, etc...). My understanding is that routing goes before NAT on the INSIDE, so traffic from VLAN 10 towards GW should be routed with the default-route (or directly connected G1.100 if destination is 192.168.1.1) and then the source to be translated to 192.168.1.2, so that way the GW router does not need a route to 10.0.0.0 /26 (VLAN 10) when forwards traffic back.

Is it possible to have one subinterface as inside and another one as outside? Or no?

Thanks, any help appreciated,

juan

JUANNN · ‎12-22-2024

Hello:

Thanks for reply. Issue solved: the acl for list 1 was permit 10.0.0.0 0.0.0.64 and it should be 0.0.0.63, since vlan 10 is 10.0.0.0 /26. At least confirmed that NAT "on a stick" works for CML.

Thanks again,

Juan

View solution in original post

MHM Cisco World · ‎12-22-2024

Show ip interface breif <<- check if subinterface is UP/UP

If it UP/UP then disable u-rpf

MHM

JUANNN · ‎12-22-2024

Hello:

Thanks for reply. Issue solved: the acl for list 1 was permit 10.0.0.0 0.0.0.64 and it should be 0.0.0.63, since vlan 10 is 10.0.0.0 /26. At least confirmed that NAT "on a stick" works for CML.

Thanks again,

Juan