11-16-2011 10:07 AM - edited 03-10-2019 12:16 PM
Hello.
I've got working PAT, but absolutely not sure how to perform additional task.
ip cef
no ip bootp server
no ipv6 cef
interface FastEthernet8
ip address 192.168.1.141 255.255.255.0
duplex auto
speed auto
!
!
interface GigabitEthernet0
ip address 194.56.32.5 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 194.56.32.25
access-list 10 permit 10.10.10.0 0.0.0.255
no cdp run
Network diagram attached.
Is there a way to route Vlan1 (bypassing PAT) to a server in 192.168.1.0/24 network via Fa8 (let's say,
192.168.1.41)?
Thank you.
Solved! Go to Solution.
11-18-2011 09:56 AM
Hi,
Then try this for NAT with route-map :
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml
Toshi
11-16-2011 10:11 AM
Hi,
you've got nothing special to do on the router as this 192.168.1.0/24 is directly connected.
Regards.
Alain
11-16-2011 10:22 AM
Vlan 1 can't even ping Fa8 network. Looks like i need some kind of policy to nat all requests to 192.168.0/24 via Fa8 instad of default Gi0...
11-16-2011 11:10 AM
Hi,
Can you post sh ip route and sh ip int br.
Regards.
Alain
11-16-2011 11:56 AM
Gateway of last resort is 194.56.32.250 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 194.56.32.250
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.10.0/24 is directly connected, Vlan1
L 10.10.10.1/32 is directly connected, Vlan1
C 192.168.1.0/22 is directly connected, FastEthernet8
192.168.1.0/32 is subnetted, 1 subnets
L 192.168.1.141 is directly connected, FastEthernet8
194.56.32.0/24 is variably subnetted, 2 subnets, 2 masks
C 194.56.32.0/24 is directly connected, GigabitEthernet0
L 194.56.32.5/32 is directly connected, GigabitEthernet0
Interface IP-Address OK? Method Status Protocol
Async1 unassigned YES NVRAM down down
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 unassigned YES unset down down
FastEthernet5 unassigned YES unset down down
FastEthernet6 unassigned YES unset down down
FastEthernet7 unassigned YES unset down down
FastEthernet8 192.168.1.141 YES NVRAM up up
GigabitEthernet0 194.56.32.5 YES NVRAM up up
NVI0 192.168.1.141 YES unset up up
Vlan1 10.10.10.1 YES NVRAM up up
11-16-2011 02:50 PM
Eugene Chumanov wrote:
Gateway of last resort is 194.56.32.250 to network 0.0.0.0
...
C 192.168.1.0/22 is directly connected, FastEthernet8 <<<<<192.168.1.0/32 is subnetted, 1 subnets
....
192.168.1.0/22 in the show ip route doesn't match the interface configured with 192.168.1.0/24.
Try rewriting the Fa8 confguration and see if the two are consisent then.
Like Alain says this is a routing issue. NAT is not involved since there is no NAT configured on Fa8.
To see who can reach where:
1: From a host in vlan 1.
Ping 10.10.10.1
Ping 192.168.1.141
Ping a host in 192.168.1.0/24
2: From the router
Ping the host in 10.10.10.0/24
Ping the host in 192.168.1.0/24
ping 10.10.10.x source 192.168.1.141
ping 192.168.1.x source 10.10.10.1
3: From a host in Fa8
Ping 192.168.1.141
Ping 10.10.10.1
Ping a host in 10.10.10.0/24
11-16-2011 11:49 AM
Is there a way to set up 2 nat pools?
1st pool - 192.168.1.0/24 network
2nd pool - all except 192.168.1.0/24 network?
Tnahk you
11-16-2011 11:58 AM
Hi,
yes you can do that with route-maps but it should be working without NAT.
For NAT to work routing must be working first so it's a chicken and egg problem
Can you post the outputs I asked before.
Regards.
Alain
11-18-2011 08:11 AM
Can you help me please. I am trying to run BGP and NAT but for some reason my NAT translations is not working.
11-18-2011 08:22 AM
Hi,
Can you start a new thread and post your topology as well as config.
Regards.
Alain
11-18-2011 07:24 AM
Hello
1: From a host in vlan 1.
Ping 10.10.10.1 - OK
Ping 192.168.1.141 - OK
Ping a host in 192.168.1.0/24 - 100% loss
2: From the router
Ping the host in 10.10.10.0/24 - 100% loss
Ping the host in 192.168.1.0/24 - OK
ping 10.10.10.x source 192.168.1.141 - 100% loss
ping 192.168.1.x source 10.10.10.1 - 100% loss
3: From a host in Fa8
Ping 192.168.1.141 - OK
Ping 10.10.10.1 - 100% loss
Ping a host in 10.10.10.0/24 - 100%loss
S* 0.0.0.0/0 [1/0] via 194.56.32.250
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.10.0/24 is directly connected, Vlan1
L 10.10.10.1/32 is directly connected, Vlan1
C 192.168.1.0/24 is directly connected, FastEthernet8
192.168.1.0/32 is subnetted, 1 subnets
L 192.168.0.41 is directly connected, FastEthernet8
194.56.32.0/24 is variably subnetted, 2 subnets, 2 masks
C 194.56.32.0/24 is directly connected, GigabitEthernet0
L 194.56.32.5/32 is directly connected, GigabitEthernet0
Interface IP-Address OK? Method Status Protocol
Async1 unassigned YES NVRAM down down
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 unassigned YES unset down down
FastEthernet5 unassigned YES unset down down
FastEthernet6 unassigned YES unset down down
FastEthernet7 unassigned YES unset down down
FastEthernet8 192.168.1.141 YES NVRAM up up
GigabitEthernet0 194.56.32.5 YES NVRAM up up
NVI0 192.168.1.141 YES unset up up
Vlan1 10.10.10.1 YES NVRAM up up
Thank you.
11-18-2011 07:43 AM
Hi,
You've still got that weird output:
C 192.168.1.0/24 is directly connected, FastEthernet8
192.168.1.0/32 is subnetted, 1 subnets
L 192.168.0.41 is directly connected, FastEthernet8
Can you delete ip address from this interface and put it back on then repost sh ip route and redo your tests and if it is still failing then redo your pings from the router( not the extended ones) and debug arp + debug ip pack detail
sending all logs to buffer with logg buffered debugging and logg buffered 10000
then show log and post output.
Regards.
Alain.
11-18-2011 08:44 AM
OK. I had re-setup dhcp on router (vlan1) and added fa8 to live network with other addresses.
Pings are still not coming through.
In addition: Fa8 is a wan interface like Gi0
Does this matter?
Log shows nothing but activity on fa8:
Nov 18 16:31:08.371: IP ARP: rcvd req src 192.168.2.17 90e6.baf6.aa63, dst 192.168.0.20 FastEthernet8
Nov 18 16:31:08.371: IP ARP: rcvd req src 192.168.0.20 0025.9018.bbfe, dst 192.168.2.17 FastEthernet8
Nov 18 16:31:08.747: IP ARP: rcvd req src 192.168.3.162 0019.db5e.0581, dst 192.168.1.195 FastEthernet8
Nov 18 16:31:08.759: IP ARP req filtered src 192.168.3.162 0019.db5e.0581, dst 192.168.1.195 0000.0000.0000 wrong cable, interface Vlan2
Nov 18 16:31:08.759: IP ARP req filtered src 192.168.0.20 0025.9018.bbfe, dst 192.168.1.152 0000.0000.0000 wrong cable, interface Vlan2
sh ip int fa8
FastEthernet8 is up, line protocol is up
Internet address is 192.168.0.41/22
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
sh ip int Vlan1
Vlan1 is up, line protocol is up
Internet address is 10.20.11.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check, TCP Adjust MSS
Output features: NAT Inside, Stateful Inspection, TCP Adjust MSS
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
C 10.20.11.0/24 is directly connected, Vlan1
L 10.20.11.1/32 is directly connected, Vlan1
C 10.90.90.0/24 is directly connected, Vlan2
L 10.90.90.11/32 is directly connected, Vlan2
C 192.168.0.0/22 is directly connected, FastEthernet8
192.168.0.0/32 is subnetted, 1 subnets
L 192.168.0.41 is directly connected, FastEthernet8
194.56.32.0/24 is variably subnetted, 2 subnets, 2 masks
C 194.56.32.0/24 is directly connected, GigabitEthernet0
L 194.56.32.5/32 is directly connected, GigabitEthernet0
Thank you
11-18-2011 09:53 AM
When i set up nat on this interface, all works perfect.
Now i'm trying to set up NAT on both Fa8 and Gi0
11-18-2011 09:56 AM
Hi,
Then try this for NAT with route-map :
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml
Toshi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide