Re: PAT/NAT translation not working

SCPMAN · ‎05-07-2022

I have been working on a network for one of my classes with the goal being PC10,20,30 to ping Loopback0 interface on the ISP router. The PC's are all DHCP and have been configured correctly and as far as I know the PAT has been as well.

When I try to ping it reply's as host unreachable.
PT file linked.

-ACL is configured on R2 to prevent PC30 ICMP traffic to PC10

-PAT is configured on R1

-OSPF has been configured on the network with full connectivity except for the ISP router which has not been linked

-Default route has been configured on R1 to ISP router

-R3 has is the DHCP router

-Current NAT configuration

int gig0/0/1

ip nat inside

int gig0/0/2

ip nat outside

access-list 1 permit 10.10.0.0. 0.0.255.255

ip nat inside source list interface gig0/0/2 overload

-R1 and R3 are able to ping the ISP interface but not the loopback0

Georg Pauwen · ‎05-08-2022

Hello,

make the changes marked in bold:

ISP#sh run
Building configuration...

Current configuration : 762 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface Loopback0
ip address 8.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0
ip address 100.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
--> ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

R1#sh run
Building configuration...

Current configuration : 1085 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0/0
ip address 10.30.30.1 255.255.255.0
--> ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0/2
media-type sfp
ip address 100.0.0.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.30.30.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 1
--> default-information originate
!
ip nat inside source list 1 interface GigabitEthernet0/0/2 overload
ip classless
ip route 0.0.0.0 0.0.0.0 100.0.0.2
ip route 10.10.2.0 255.255.255.0 192.168.10.2
!
ip flow-export version 9
!
--> access-list 1 permit 10.0.0.0 0.255.255.255
--> access-list 1 permit 192.168.10.0 0.0.0.255
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

paul driver · ‎05-08-2022

Hello

The reason NAT isnt working is due to the fact RTR2/4 dont have any default route for off site destinations if you advertise a default from RTR 1 into the network for RTR2/4 then it will work

Also Relocate the ACL 100 onto RTR4 and just deny specifically icmp echo and echo-reply

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul