11-04-2018 02:35 PM - edited 03-05-2019 11:02 AM
I have the following topology:
I have an Ethernet connection to another router out the opposite-side port of my LAN where I have the two VLANs configured (VLAN 10 (Marketing) and 20 (Sales)).
Before I set up the following ACL and the following commands to supposedly set up PAT, I was able to successfully ping the DG of each VLAN's sub-interface on both hosts.
Now I can't send packets to the default gateway and I don't know why.
I even just slapped on a 'permit any' command on the ACL... I assume it has something to do with the ranges I set in my "NAT address pool"?
As always, super appreciative of any help or advice you can offer. I'm sure it's a fundamental misunderstanding of PAT. I'll attach the file any-who.
Help at your most ideal convenience!!!
11-04-2018 03:27 PM
Hello,
It looks like both the access list and the pool use addresses from the same range? Addresses used in the NAT pool must be on the outside interface...
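The relationship this reply describes can be checked mechanically. The following is an added example, not part of the thread or of the posters' attachments: `check_pat` is a hypothetical helper, and all addressing in the two constructed configs is assumed except 192.168.254.1 on fa0/1, which the original poster mentions later.

```python
import ipaddress
import re

# Constructed IOS fragment (assumed addressing, not the poster's attachment):
# the pool is carved out of the same inside range that ACL 15 matches.
BROKEN = """
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 192.168.254.1 255.255.255.0
 ip nat outside
access-list 15 permit 192.168.10.0 0.0.0.255
ip nat pool PAT 192.168.10.100 192.168.10.110 netmask 255.255.255.0
ip nat inside source list 15 pool PAT overload
"""
# Corrected variant: the pool now sits in the outside interface's subnet.
FIXED = BROKEN.replace("192.168.10.100 192.168.10.110",
                       "192.168.254.10 192.168.254.20")

def check_pat(config):
    """Return findings about the pool / ACL / outside-interface relationship."""
    findings, outside, addr = [], [], None
    for line in config.splitlines():
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if line.startswith("interface"):
            addr = None                      # new interface block
        elif m:
            addr = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line.strip() == "ip nat outside" and addr:
            outside.append(addr)
    # Standard ACL entries use a wildcard (host) mask, which ip_network accepts.
    acl = [ipaddress.ip_network(f"{n}/{w}") for n, w in
           re.findall(r"access-list \d+ permit (\S+) (\S+)", config)]
    for name, lo, hi in re.findall(r"ip nat pool (\S+) (\S+) (\S+) netmask", config):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if any(lo <= n.broadcast_address and hi >= n.network_address for n in acl):
            findings.append(f"pool {name} overlaps an ACL-matched inside range")
        if not any(lo in n and hi in n for n in outside):
            findings.append(f"pool {name} is not in an 'ip nat outside' subnet")
    return findings

if __name__ == "__main__":
    print("broken:", check_pat(BROKEN))
    print("fixed: ", check_pat(FIXED))
```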
11-04-2018 04:23 PM - edited 11-04-2018 04:32 PM
Hello
Attached is a revised working setup - please review it.
11-04-2018 06:37 PM
Hi,
I found that ACL and NATing were configured wrongly. Here I attached a working lab. You can compare with your lab.
Regards,
Deepak Kumar
11-05-2018 01:55 AM - edited 11-05-2018 05:38 AM
Hello
@Deepak Kumar
Thanks for the feedback. However, after reviewing it again, my config looks all okay for basic communication between the two sites.
NAT is being performed on router 0 towards router 1 (WAN designated) and the correct ACL is being used for the two VLANs inside router 0.
11-04-2018 03:17 PM
What are you trying to do?
11-10-2018 07:27 PM
Yep... I was at work, YouTubing, when I "realized" this... But I just made it a real problem now! lol
I just set up the configuration as the following:
With the address, 192.168.254.1, being on the outside interface (fa0/1) of Router0.
I still am not able to ping Router1 (router of separate LAN), shown here ---v---
I'm pinging from, namely, VLAN 10 (where I set up access-list 15 to permit only, initially), but even with a "permit any" ACE, I can't get through to 'Router1'.
Shouldn't this work at this point? Routers are only connected over Ethernet... is it related to it being on a VLAN? The outside interface doesn't need dot1q or something configured, does it? Sorry. It's taken me so long to get PAT down, I'm starting to get worried lol