11-13-2018 10:10 AM - edited 03-05-2019 11:02 AM
So I have two routers connected via rollover cable (fa) on subnet 192.168.254.0 /30. I have two separate LANs on either side on VLAN 10 (marketing).
fa0/0>>Router0
"Westside Marketing Lan"
PC2 and PC1 CAN ping each-other and their default gateway successfully.
(they can also ping the outside interface of Router1)
East side Marketing lan
PC5 and PC8 CAN ping each-other and their default gateway successfully.
BUT, they cannot ping the 'Global Inside' or Outside interface of Router0
I have them both set up pretty similar as far as PAT goes, but I don't understand how the LAN on the West-side can ping across the rollover cable (connecting Router0 to Router1) to Router1's 'global inside' interface (fa0/0 - ip: 192.168.254.2) BUT nobody on the Marketing (vlan 10) LAN on the East-Side can ping the 'Inside Global' interface of Router0 (inter: fa0/1, IP: 192.168.254.1/30)
The conditions for PAT look like perfect mirror images to me :/
( I don't use the nat pool.. ^)
Here, I have some redundant 'ip nat inside' declarations but, I added those on the main interfaces (Router1's 0/1, in particular) when using the 'ip nat inside' command wasn't working on the East side when used on the subinterface, but it was working on the West side. I just kinda flailed and threw 'ip nat inside' everywhere it wasn't.
So the question is why, given the above configurations, can I ping the 'global inside' interface of Router1 from the "West-side" LAN, but I can't ping the 'Global inside' interface of Router0 (ip: 192.168.254.1 /30) from the "East-side" LAN (PC8 and PC5)?
11-13-2018 09:11 PM
Hi,
The router 0 is configured with NAT so destination or PAT is not configured. You can configure the DNAT or tunnel between both routers.
Regards,
Deepak Kumar
11-13-2018 09:21 PM
I'm not sure I understand. I have the outside interface listed in the running-config for fa0/1 on Router0 and I used the keyword 'Overload' in the "nat" statement. How do you mean, PAT is not configured?
11-13-2018 10:05 PM
Hi,
The configured NAT is called source NAT (overload) and it will work from inside to outside. If you try to ping from the outside interface to the inside then it will not work, and it is the default behaviour of NAT.
So if you want to access an inside system from the outside, then you have to configure Destination NAT or Port address translation. Destination NAT may be PAT also.
For example, say your inside server (192.168.0.100) has HTTP service enabled and you want to access it from outside; then you have two options: either you can configure a specific port 80 translation with the help of destination NAT, or you can configure one-to-one destination NAT. But still, you are typing your outside IP in your browser (you are sitting outside).
Web server (192.168.0.100)-----(Router-Inside-Interface)(Router-Out-Inter)(100.100.100.1)-------(Internet/U)
Now that you have configured port forwarding on the router for port 80 and you are trying to access your internal server from the internet/outside, you type your WAN interface IP (or IP pool address) in your browser.
Regards,
Deepak Kumar
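The port-80 case described in the post above, written out as an IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names, interface masks, the inside gateway address 192.168.0.1 and ACL number 1 are assumptions, while 192.168.0.100 and 100.100.100.1 come from the post.

```cisco
! Constructed example. Interface names, masks, 192.168.0.1 and ACL 1 are assumptions.
interface FastEthernet0/0
 description Inside LAN (web server 192.168.0.100)
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description Outside / WAN
 ip address 100.100.100.1 255.255.255.0
 ip nat outside
!
! Source NAT with overload (PAT): inside hosts leave with the address of
! the outside interface. Entries are created only by inside-to-outside traffic.
access-list 1 permit 192.168.0.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/1 overload
!
! Static port translation: TCP/80 arriving at 100.100.100.1 is delivered
! to 192.168.0.100:80. Only this one port is reachable from outside.
ip nat inside source static tcp 192.168.0.100 80 100.100.100.1 80
!
! Verification from privileged EXEC:
!   show ip nat translations   (static entry is always listed; PAT entries appear per flow)
!   show ip nat statistics     (confirms which interfaces are inside/outside)
```

The per-port static entry publishes a single service; a one-to-one static translation would expose every port on the server, so the per-port form is the narrower choice when only HTTP is needed.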
11-14-2018 03:02 AM
Hello
@Deepak Kumar The problem here is that @LateLearn is wanting both sides to be natted, but their WAN interfaces (are inside global interfaces) are at the same time directly connected, so this won't work. In this topology you should only designate one site to be the internal site and the other simulated as the WAN, or have another router between the two sites acting as the internet backbone.
11-14-2018 08:12 PM
"If you will try ping from outside interface to inside then it will not work and it is the default behavior of NAT." Not necessarily the inside interface from the outside. However, my next clumsy venture was to achieve reachability between hosts on either side (PC8, on the "east-side", being able to reach PC1 on the "west-side"). I was wanting to play with how far the VLAN tags can be carried between routers and see if I could maybe set up some interfaces associated with those VLANs on the 'global inside' / outside interfaces of my connected routers. But I didn't want to go any further until I understood why I can reach (what I assume is the 'outside' / 'global inside' interface of) Router1 from both PC2 and PC1 on my "west-side" LAN but I couldn't mimic any reciprocal success (just "ping-wise") from my hosts on the "east-side" LAN, even though I have them configured basically to the same effect.
This file is stuck in limbo... :/
11-14-2018 08:13 PM - edited 11-14-2018 08:22 PM
I just don't get it. Does router1 take some precedence over router0 as far as inside/outside/left/right goes, as to why it can be pinged by hosts on the other side of inside interface but router0 can't be, because it has some sort of different relationship to the "east-side lan" than router0 has to the "west-side lan"? That's a mouthful...
I thought NAT with overload would just redress the packet with whichever 'global inside' or IP address was set on the outside interface?
Is the issue directly related to the configuration on the other router? Would it make a difference if there was a serial connection between routers or frame relay / internet?