Here is a GNS3 VM, plugged right into the router, there isn't even a switch involved this time. I set its interface and default gateway to 10.0.1.1, and set the VM itself to 10.0.1.2, but still no joy.

Hi

 Pretty messy this...look you private message please.

I can't seem to add to my last post due to some forum bug (hitting return keeps duplicating the image instead of putting the cursor at the end) so starting a new reply.

I tried traceroute but it doesn't get any further than 172.16.1.1.

This the other version I have of the router config, where I have set the inside and outside (it's a completely different GNS3 project):

R1#show run
Building configuration...

Current configuration : 1269 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.1.121 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
no ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet1/0 overload
!
access-list 10 permit 0.0.0.0
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

> What do you want to accomplish ?

I want my VMs to be able to access the web, which they can't right now. I've been trying to do it for over 3 weeks, it's amazingly difficult apparently!

> Where is 192.168.2.121 configured, which device is that ?

that is the outside interface of my router.

> So basically, from what source IP address do you want to NAT to which destination IP address ?

From 192.168.0.1 and 172.16.0.1 to 192.168.1.121 (I think).

Edit: I don't know why I put `192.168.2.121`, I meant `192.168.1.121`. So I think maybe I need to do

R1(config)#ip nat inside source static 192.168.0.1 192.168.1.121
R1(config)#ip nat inside source static 172.16.0.1 192.168.1.121

Is that correct?

Hello

First of all think of NAT as a way of hiding networks you do not wish to advertise 

So to NAT any of your internal networks to have reachability  to the “Outside” first they need to be reachable from your own NAT router, So make sure this is correct first

Now when you have reachability internally from your NAT rtr then you can begin with  your NAT

Your “wan” interface is the public facing interface that external networks can reach so this is where in most cases NAT translates internal addresses too however you use can use ANY IP address not just the one assigned to your wan interface it doesn’t even need to be assigned to the wan interface for it to work as long it’s publicly routable and it specifically owned by you so external networks can reach it.

so 192.168.2.x is a viable addressing to NAT with if you own it and as I said it’s reachable externally.

Lastly
ip nat inside source static 172.16.0.1 192.168.2.121

Ip nat inside source static 192.168.0.1 192.168.2.121

isnt viable as they will conflict in the NAT table so if you want to use just the external ip address then static PAT would be more applicable

ip nat inside source static tcp 172.16.0.1 443 192.168.2.121 443

Ip nat inside source static tcp 192.168.0.1 80 192.168.2.121 80

or dynamic PAT

ip nat inside source list xxx interface xxx overload

> or dynamic PAT

> ip nat inside source list xxx interface xxx overload

Yup, that's what I was trying to do.

ip nat inside source list 10 interface fa1/0 overload

Settings that I've entered appear to have vanished a couple of time, so I'm having to re-enter them.

Anyway, I re-added those static routes to my physical router:

Then I re-set the static route on the virtual router like this:

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.11

I don't know why it was set like this again??

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1

Anyway, I put it back to .11, but that way I can't even ping 8.8.8.8 from the router, never mind from a VM.

It is only when I have the static route set on the router to .1 (which is my physical router) that I am at least able to ping 8.8.8.8 from the virtual router.

Anyway, no matter how I have things set, my VMs can never get any further than 192.168.0.1 or 172.16.0.1.