Thanks

This is what i thought at first but i thought i could not insert only one ip in the pool.

Thanks

I have tested it this weekend but it did not work. The first pool works but the second did not work.

The Ip`s and the subnets are ok. When i change the nat to translate it to the interface it works but with the wrong global ip.

pls help me

Can you post the configuration you used ?

Jon

ip nat pool Internal 80.123.101.126 80.123.101.126 netmask 255.255.255.252
ip nat pool Wlan 80.123.101.127 80.123.101.127 netmask 255.255.255.252

ip nat inside source list 100 pool Internal overload
ip nat inside source list 101 pool Wlan overload

access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any

interface FastEthernet0/0.1
 description *****Intern*****
 encapsulation dot1Q 10
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.2
 description *****WLAN*****
 encapsulation dot1Q 20
 ip address 192.168.1.1 255.255.255.0
 ip access-group Wlan in
 ip nat inside
 ip virtual-reassembly
!

interface FastEthernet0/1
 description *****WAN*****
 ip address 80.123.101.126 255.255.255.248
 ip access-group Outside_in in
 ip verify unicast reverse-path
 ip inspect Firewall in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!

Thanks

I can't see why that wouldn't work to be honest.

I will test it out when I get the chance (later today) but as far as I can see it should have worked fine.

What device/IOS version are you using ?

Did you check the translation table when you tried to connect from both subnets ?

Jon

Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)

This is my software version

I checked the nat translation. The Inside network was ok but on the wlan i have no entry.

Maybe the subnet was to small and the global ip`s are to close ???

Raimund

Raimund

Just tested this and as expected it works fine.

You have an acl on your WLAN interface, could that be blocking the packets ?

Jon

I have tested it without the acl and than i insert it on the interface.

This acl is only for blocking wlan to the internal network.

ip access-list extended Wlan
 permit ip any host 192.168.0.8
 permit ip host 192.168.1.100 any
 permit ip host 192.168.1.101 any
 permit ip host 192.168.1.102 any
 permit ip host 192.168.1.103 any
 deny   ip any 192.168.0.0 0.0.0.255
 permit ip any any

Don't know what to say really.

I have used this before and even tested it just to make sure.

When you try to connect what does the translation table show ?

Jon

Testrouter#show ip nat translations

Testrouter#

nothing on wlan interface

when i switch to intern everything is working.

Can you pls post your config?

My configuration is pretty much the NAT setup and basic connectivity between a L3 switch and some routers.

Are you sure this a NAT problem and not basic connectivity from that subnet ?

Can you ping the default gateway from a client on that subnet ?

Jon

I think i found the problem

I have a cisco 1841 with a 4ESW Switchport interface. When i connect the fe0/1 port on the router it will work with the pool address. I made a vlan on the switchport with a interface and ip. Then i configure the vlan interface as inside and insert a nat with a pool adress. This doesn`t work. When i change the Nat to the interface fa0/0 (outside) it works.

Do you have any idea why?  It seems to me that the switchport can only NAT to an interface and not to a pool. Strange

000631: *Feb  3 11:53:40.822: NAT: translation failed (A), dropping packet s=192.168.3.10 d=64.233.166.94
000632: *Feb  3 11:53:41.554: NAT: translation failed (A), dropping packet s=192.168.3.10 d=192.168.20.50
000633: *Feb  3 11:53:43.550: NAT: translation failed (A), dropping packet s=192.168.3.10 d=192.168.20.50
000634: *Feb  3 11:53:44.566: NAT: translation failed (A), dropping packet s=192.168.3.10 d=192.168.20.50

Raimund

I'm confused by your output because it is referencing 192.168.3.x IPs but you don't have these anywhere in your configuration.

Can you clarify ?

Jon