Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
844
Views
0
Helpful
4
Replies

Where should I configure "ip nat outside" command ?

DuJin0509
Level 1
Level 1

‎02-19-2017 11:45 PM - edited ‎03-05-2019 08:03 AM

Hello,

We are configuring PPPOA on Cisco router and we need enable NAT feafure for inside users to access the internet.

We created ATM sub-interface and VIrtual-template interface, when we enable "ip nat outside" under ATM sub-interface, we observed no any packet hit the ACL which ACL nested in ip nat and the inside users couldn't access the outside network at all, when I configured the "ip nat outside" under virtual-template interface, they could access outside network normally.

Please advise which is the proper interface to enable " ip nat outside"? If there is rule to limit the interface type where the ip nat out side should be configured?

For example, if the command should be configured on an interface whcih interface must have an IP address there ?

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎02-20-2017 12:17 AM

Hello,

with PPPoA you typically have a Dialer interface, that is where the 'ip nat outside' command should be configured on.

If you are not sure what to configure, post the router configuration so we can add the necessary bits and pieces...

0 Helpful

DuJin0509
Level 1
Level 1
In response to Georg Pauwen

‎02-20-2017 12:44 AM

Hello Georg,

I extracted the key configuration from our router as below, if the virtual-template interface is equivalent with dialer interface?

interface ATM0  >>>>>>This is physical ATM interface
 no ip address
 no atm ilmi-keepalive

interface ATM0.1 point-to-point  >>>>>>Sub-infterface
 ip unnumbered Loopback10
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 pvc 8/35
  cbr 2048
  tx-ring-limit 2
  encapsulation aal5mux ppp Virtual-Template1
  max-reserved-bandwidth 100

interface Virtual-Template1
 bandwidth 2048
 ip unnumbered Loopback10
 no peer default ip address
 ppp multilink
 ppp multilink links maximum 1
 ppp multilink interleave
 ppp multilink endpoint hostname
 ppp multilink fragment delay 3
 max-reserved-bandwidth 100

interface Vlan1  >>>>>>>>>>>>>>>> LAN SVI
 ip address 10.11.1.2 255.255.255.240
 ip access-group 110 in
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly

ip nat inside source list 1 interface Loopback0 overload

access-list 1 permit 10.11.1.0 0.0.0.15

When"ip nat outside" enabled on sub-interface, nat didn't work. It works well after I enable "ip nat outside" on virtual-template interface.

0 Helpful

Georg Pauwen
VIP
VIP
In response to DuJin0509

‎02-20-2017 12:53 AM

Hello,

'ip nat outside' on the virtual template interface is correct. You don't need it on (physical) sub interfaces.

0 Helpful

DuJin0509
Level 1
Level 1
In response to Georg Pauwen

‎02-20-2017 01:20 AM

Hello Georg,

Thanks a lot for your swift reply, could you please advise where should I find some offical stuffs to prove this configuration is valid ?

We need this to confront  customer's challenge.

0 Helpful
Customers Also Viewed These Support Documents