cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
556
Views
30
Helpful
7
Replies
LateLearn
Beginner

PAT Troubles

I have the following topology :

acltroubletop.PNG

 

 

I have an ethernet connection to another route out the opposite-side port of my LAN where I have the two vlans configured (VLAN, 10 (Marketing) and 20 (Sales))

Before I set up the following ACL and the following commands to supposedly set up PAT, I was able to successfully ping the DG of each vlans sub interface on both hosts.

 

 

Now I can't send packets to default gateaway and I don't know why

I even just slapped on a 'permit any' command on the acl.. I assume it has something to do with the ranges I set in my "NAT address pool"? PATfund.PNG

 

As always, super appreciative of any help or advice you can offer. I'm sure, it's a fundamental misunderstanding of PAT. I'll attach the file any-who.

Help at your most ideal convenience!!!

4 ACCEPTED SOLUTIONS

Accepted Solutions
Georg Pauwen
VIP Expert

Hello,

 

It looks like both the access list and the pool use addresses from the same range ? Addresses used in the NAT pool must be on the outside interface...

View solution in original post

paul driver
VIP Mentor

Hello

 

Attached is a revised working setup - please review it.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

View solution in original post

Deepak Kumar
VIP Advocate

Hi,

I found that ACL and NATing were configured wrongly. Here I attached a working lab. You can compare with your lab. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

Hello

@Deepak Kumar 
Thanks for the feedback - However after reviewing it again it my config looks all okay for basic communication between the two sites

 

Nat is is being performed on router 0 towards router 1 (wan designated) and the correct acl is being used for the two vlan inside router 0

 

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

View solution in original post

7 REPLIES 7
a.alekseev
Rising star

What are you trying to do?

Georg Pauwen
VIP Expert

Hello,

 

It looks like both the access list and the pool use addresses from the same range ? Addresses used in the NAT pool must be on the outside interface...

View solution in original post

Yep... I was at working, Youtubing when I "realized" this... But I just made it a real problem now! lol

I just set up the configuration as the following:

patnat.PNG

With the address, 192.168.254.1, being on the outside interface (fa0/1 ) of Router0.

I still am not able to ping Router1 ( Router of separate lan ), shown here ---v---fromrouter0.PNG

 

 

I'm pinging from, namely, Vlan 10 (where I setup access-list 15 to permit only, initially, but even with a "permit any" ACE, I can't get through to 'Router1'.

Shouldn't this work at this point? Routers are only connected over ethernet.. is it related to it being on a vlan? The outside interface doesn't need dot1q or something configured, does it? Sorry. It's taken me so long to get PAT down, I'm started to get worried lol

 

paul driver
VIP Mentor

Hello

 

Attached is a revised working setup - please review it.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

View solution in original post

Hi Paul,
Don't mind but where is NATing?

Regards,
Deepak Kumar
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Deepak Kumar
VIP Advocate

Hi,

I found that ACL and NATing were configured wrongly. Here I attached a working lab. You can compare with your lab. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

Hello

@Deepak Kumar 
Thanks for the feedback - However after reviewing it again it my config looks all okay for basic communication between the two sites

 

Nat is is being performed on router 0 towards router 1 (wan designated) and the correct acl is being used for the two vlan inside router 0

 

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

View solution in original post