6807 Nat problem

Daniel Davidson · ‎11-01-2017

We needed to change the IP of our many to one nat earlier today. Relevant config lines below:

interface Vlan90
ip address 192.168.122.1 255.255.255.0
ip nat inside
!
interface Vlan281
ip address a.b.c.d 255.255.252.0
ip nat outside
ip flow monitor campus-public-monitor input
!

ip nat inside source list 101 interface Vlan281 overload

ip route 0.0.0.0 0.0.0.0 a.b.c.1

access-list 101 permit ip 192.168.122.0 0.0.0.255 any

This worked for over a year, then when one of my people changed int ouside nat IP to a.b.c.e, everything but pings stopped working. So we can still ping google and our dns, but if you try to query google from our dns (in a.b.c.x) then it will not happen. What are we doing wrong? Apologies if this posted twice.

Julio E. Moisa · ‎11-01-2017

Hi

Have you tried to clean the translations?

clear ip nat translations *

Also the ACL could be a standard ACL

access-list 10 permit 192.168.122.0 0.0.0.255

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Reza Sharifi · ‎11-01-2017

Did you change provider?

Was your public facing IP changed?

casanavep · ‎11-01-2017

Have you tried:

- remove nat inside/outside form all interfaces

- delete the global nat policies

- reapply

something like...:

conf t

do clear ip nat trans *

y

int vlan 90

no ip nat inside

int vlan 281

no ip nat outside

no ip nat inside source list 101 interface Vlan281 overload

!

! <-- give it a minute to chew on this, memory allocations to clear

!

int vlan 90

ip nat inside

int vlan 281

ip nat outside

ip nat inside source list 101 interface Vlan281 overload

end

!