Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1412
Views
30
Helpful
7
Replies

PAT Troubles

Go to solution
LateLearn
Level 1
Level 1

‎11-04-2018 02:35 PM - edited ‎03-05-2019 11:02 AM

I have the following topology :

acltroubletop.PNG

 

 

I have an ethernet connection to another route out the opposite-side port of my LAN where I have the two vlans configured (VLAN, 10 (Marketing) and 20 (Sales))

Before I set up the following ACL and the following commands to supposedly set up PAT, I was able to successfully ping the DG of each vlans sub interface on both hosts.

 

 

Now I can't send packets to default gateaway and I don't know why

I even just slapped on a 'permit any' command on the acl.. I assume it has something to do with the ranges I set in my "NAT address pool"? PATfund.PNG

 

As always, super appreciative of any help or advice you can offer. I'm sure, it's a fundamental misunderstanding of PAT. I'll attach the file any-who.

Help at your most ideal convenience!!!

Labels:
patworkzi.zip
0 Helpful
4 Accepted Solutions

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎11-04-2018 03:27 PM

Hello,

 

It looks like both the access list and the pool use addresses from the same range ? Addresses used in the NAT pool must be on the outside interface...

View solution in original post

Go to solution
paul driver
VIP
VIP

‎11-04-2018 04:23 PM - edited ‎11-04-2018 04:32 PM

Hello

 

Attached is a revised working setup - please review it.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

patworkNEW.zip

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎11-04-2018 06:37 PM

Hi,

I found that ACL and NATing were configured wrongly. Here I attached a working lab. You can compare with your lab. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

patworkzi.zip

Go to solution
paul driver
VIP
VIP
In response to Deepak Kumar

‎11-05-2018 01:55 AM - edited ‎11-05-2018 05:38 AM

Hello

@Deepak Kumar 
Thanks for the feedback - However after reviewing it again it my config looks all okay for basic communication between the two sites

 

Nat is is being performed on router 0 towards router 1 (wan designated) and the correct acl is being used for the two vlan inside router 0

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

7 Replies 7

Go to solution
a.alekseev
Level 7
Level 7

‎11-04-2018 03:17 PM

What are you trying to do?

Go to solution
Georg Pauwen
VIP
VIP

‎11-04-2018 03:27 PM

Hello,

 

It looks like both the access list and the pool use addresses from the same range ? Addresses used in the NAT pool must be on the outside interface...

Go to solution
LateLearn
Level 1
Level 1
In response to Georg Pauwen

‎11-10-2018 07:27 PM

Yep... I was at working, Youtubing when I "realized" this... But I just made it a real problem now! lol

I just set up the configuration as the following:

patnat.PNG

With the address, 192.168.254.1, being on the outside interface (fa0/1 ) of Router0.

I still am not able to ping Router1 ( Router of separate lan ), shown here ---v---fromrouter0.PNG

 

 

I'm pinging from, namely, Vlan 10 (where I setup access-list 15 to permit only, initially, but even with a "permit any" ACE, I can't get through to 'Router1'.

Shouldn't this work at this point? Routers are only connected over ethernet.. is it related to it being on a vlan? The outside interface doesn't need dot1q or something configured, does it? Sorry. It's taken me so long to get PAT down, I'm started to get worried lol

 

0 Helpful

Go to solution
paul driver
VIP
VIP

‎11-04-2018 04:23 PM - edited ‎11-04-2018 04:32 PM

Hello

 

Attached is a revised working setup - please review it.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
patworkNEW.zip

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni
In response to paul driver

‎11-04-2018 06:39 PM

Hi Paul,
Don't mind but where is NATing?

Regards,
Deepak Kumar
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎11-04-2018 06:37 PM

Hi,

I found that ACL and NATing were configured wrongly. Here I attached a working lab. You can compare with your lab. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
patworkzi.zip

Go to solution
paul driver
VIP
VIP
In response to Deepak Kumar

‎11-05-2018 01:55 AM - edited ‎11-05-2018 05:38 AM

Hello

@Deepak Kumar 
Thanks for the feedback - However after reviewing it again it my config looks all okay for basic communication between the two sites

 

Nat is is being performed on router 0 towards router 1 (wan designated) and the correct acl is being used for the two vlan inside router 0

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card