Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2651
Views
15
Helpful
4
Replies

Access list and ip nat inside

Tope
Level 1
Level 1

‎10-17-2017 06:54 PM - edited ‎03-08-2019 12:24 PM

Assuming you are a network consultant hired by a small business to verify why their new office in Allen, TX seems to be having connectivity problems.
According to the site manager, out of 20 employees, only Jack Brickson connects to the internet. You took a look at their router and found this:

R1# show run
!
!
!
access-list 100 permit ip 192.168.200.0 0.0.0.255 any
!
ip nat inside source list 100 interface Gi0/1
!
!

How will you explain the issue to the site manager and what will you do to resolve it

Labels:
0 Helpful
4 Replies 4

Meheretab Mengistu
Level 7
Level 7

‎10-17-2017 07:29 PM - edited ‎10-17-2017 07:30 PM

Hi Tope,

 

How will you explain the issue to the site manager and what will you do to resolve it?

Assuming everything else is configured correctly, you will resolve the issue by adding "overload" at the end of the "ip nat inside ..." command as follows:
ip nat inside source list 100 interface Gi0/1 overload

 

The best way to explain to the site manager is to tell the truth; that is, there was a mis-configuration.

 

 

HTH,

Meheretab

HTH,
Meheretab

Georg Pauwen
VIP
VIP

‎10-18-2017 12:35 AM

Hello,

 

in addition to Meheretab's post, you also do not need an extended access list, as NAT doesn't care about the destination. So:

 

access-list 1 permit 192.168.200.0 0.0.0.255 
!
ip nat inside source list 1 interface Gi0/1 overload

 

is sufficient (and decreases overhead)...

sajinstha0009936
Level 1
Level 1

‎05-28-2020 06:18 AM

overload is missing after interface gig0/1... 

0 Helpful

paul driver
VIP
VIP

‎05-28-2020 08:00 AM - edited ‎05-28-2020 08:01 AM

Hello
Not enough information to establish why you only have one user able to access the internet, Do the other users have the correct addressing?
Can you post the the output of the following into a file and share it.

 

sh run
sh ip nat translations
sh ip int brief
sh ip route

FYI - the overload keyword  is/should be automatically applied with that nat statement you shouldnt have to apply it manually as its on as default


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents