PAT not translating, subinterfaces

stevek543 · ‎10-26-2022

Hello,

I've attached a screenshot from my topology in GNS3.

So, my problem is that PAT is not translating - shows nothing in the statistic or translations.

I want connectivity between PC1 (192.168.100.1 - VLAN10) and the BORDER-RA (1.1.1.2). Thats why I used PAT.

You can find my config of R1 and BORDER-RA attached.

On R1 i have HRSP (with R1 being primary with 192.168.100.254 on g0/0.10) together with R2 which you cant see but is not important. A default route to BORDER-RA (1.1.1.2), and a PAT config which allows traffic from VL10 and VL20 (192.168.100.0 and 192.168.200.0). SubIF g0/0.10 and .20 are configured with ip nat inside and g0/2 with ip nat outside. I doubt that the config of BORDER-RA is relevant, but I still uploaded it so maybe there is something wrong...

I captured traffic between both routers with Wireshark and when I ping from PC1 to 1.1.1.2, it shows only ICMP-Request with the source address 192.168.100.1 - which should not happen. THat means that traffic doesnt even pass the PAT-process, it goes straigt to the default route. I have no idea what's wrong I even rebuild the topology in Packet Tracer but there it works without problems.

Maybe you guys can help me.

MHM Cisco World · ‎10-26-2022

do traceroute, I want to see where the traceroute stop

stevek543 · ‎10-26-2022

It stops at 192.168.100.254 - the subIF

MHM Cisco World · ‎10-26-2022

please share the full topology and mention the subnet between each device

stevek543 · ‎10-26-2022

this is the full topology, pc1 is in vl10 (192.168.100.0) pc2 is in vl20 (192.168.200.0), the switches run vtp and stp

MHM Cisco World · ‎10-26-2022

I face many issue with l2 image in gns3,

do show standby in R1 and R2

chech if it see each other.

stevek543 · ‎10-26-2022

yes they can see each other

MHM Cisco World · ‎10-26-2022

OK,
ip nat inside
ip nat enable <<- why you use this command ?? remove this command and test again

stevek543 · ‎10-26-2022

no, doesnt work..

MHM Cisco World · ‎10-26-2022

remove if from both, keep only
ip nat inside <<- the interface receive traffic
ip nat outside <<- the interface overload PAT

I think you only remove it from interface receive traffic not from overload PAT interface ??

stevek543 · ‎10-26-2022

What do you mean? I made "no ip nat enable" on G0/0.10, on G0/0.20 and on G0/2.

MHM Cisco World · ‎10-26-2022

that great,
you remove the ip nat enable from also g0/2
now last thing is
change the access-list from name acl to standard 1-99 acl

ip nat inside source list PAT interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip access-list standard PAT
 permit 192.168.100.0
 permit 192.168.200.0

it will be

ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip access-list standard 1
 permit 192.168.100.0
 permit 192.168.200.0

stevek543 · ‎10-26-2022

ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
!
!
access-list 1 permit 192.168.100.0
access-list 1 permit 192.168.200.0

this is now the config

MHM Cisco World · ‎10-26-2022

is it work ??
show ip nat translate
and as you mention do wireshark capture the traffic between R1 and boarder router

stevek543 · ‎10-26-2022

its still 192.168.100.1 as source address