Cisco Basic nat not working

Ss73293
Level 1

Hi,

 

See attached image.

I have two routers at L3, and the first one is doing NAT to and from the internet. W1 is the WAN router (from the ISP, which is also doing NAT and giving a DHCP IP to R1). I have configured basic NAT and static routing on two routers, R1 and R2. The problem is:

 

From R1, I can ping the internet gateway 192.168.1.1

From R2, I can ping R1's 192.168.1.2 but not 192.168.1.1

From the PC, I cannot ping / reach outside.

 

Can someone help if I am missing something?

 

Config:

R1:

# Interface gi1/0/1

# ip address dhcp

# ip nat outside

 

# Interface gi1/0/15

# ip address 10.10.10.1/24

# ip nat inside

 

# ip route add 10.10.0.0/16 10.10.10.1

# ip nat inside source list 101 interface gi 1/0/1 overload

# access-list 101 permit ip any any

 

R2:

# Interface gi1/0/15

# ip address 10.10.10.2/24

# ip route default 10.10.10.1

 

# Interface gi1/0/1

# ip address 10.10.11.2/24

 

PC:

# ip address 10.10.11.3/24

Default Gateway 10.10.11.2

6 Replies

Cristian Matei
VIP Alumni

Hi,

 

   1. Sometimes, "permit ip any any" in the NAT config creates some problems; replace that statement with "permit ip 10.10.0.0 0.0.255.255 any".

  2. Make sure you actually get an IP address from the DHCP server.

  3. When you ping from the PC to the ISP router, look in the NAT translation table. Do you see any translations? "show ip nat translations".

 

Regards,

Cristian Matei.

Thank you, Cristian.

Answers below:

 

a) I have made the change to 'permit ip 10.10.0.0 0.0.255.255 any'

b) I get the IP address 192.168.1.2 from the ISP router / DHCP. From R1, I can ping the gateway (192.168.1.1), google.com and others.

c) Now, from the PC and from R2, I can ping 192.168.1.2 (last hop to internet router), but no response from PC or R2 when I ping 192.168.1.1.

So something is wrong with the NAT.

 

I don't see any entry in the NAT table on R1.

R1#show ip nat translations
R1#

 

R1#show ip nat stat
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
GigabitEthernet1/0/1
Inside interfaces:
GigabitEthernet1/0/15
Hits: 12 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 4] access-list 105 interface GigabitEthernet1/0/1 refcount 0

 

R1#show ip route
Default gateway is 192.168.1.1

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

On R2:

R2#show ip route
Default gateway is 10.10.10.1

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

 

Also this is a Cisco Catalyst 3560-CX. Is NAT supported in this?

Hi,

No, that switch does not support NAT. To do NAT, you need a router.

HTH

Hi,

 

   Based on the output, there is no "routing" configured on your routers. Can you enable "ip routing" on all routers and test it again?

 

R1#show ip route
Default gateway is 192.168.1.1

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

 

R2#show ip route
Default gateway is 10.10.10.1

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

 

Regards,

Cristian Matei.

Hello

Looks like you need to double NAT, unless, that is, you are able to change the NAT on the ISP router. Try appending the following configuration:

R1

no ip route 10.10.0.0 255.255.0.0 10.10.10.1
ip route 10.10.11.0 255.255.255.0 10.10.10.2
ip route 0.0.0.0 0.0.0.0 gig1/0/1 dhcp

int gig1/0/1
ip nat outside

int gig1/0/15
ip nat inside
exit

 

no access-list 101
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit ip 10.10.11.0 0.0.0.255 any


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
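An added example, not part of any post in this thread: a small Python check of which inside source addresses an ACL referenced by `ip nat inside source list` would select, using Cisco wildcard-mask matching with first match and implicit deny. It is not IOS's own parser and handles only `access-list N permit|deny ip SRC WILDCARD|any any` lines; the function names are hypothetical and 192.168.1.50 is a constructed sample address.

```python
import ipaddress

def parse_acl_line(line):
    """Return (action, network, wildcard) for one supported ACL line."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[3] != "ip"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    if tok[4] == "any":
        return tok[2], 0, 0xFFFFFFFF  # every bit is "don't care"
    try:
        net = int(ipaddress.IPv4Address(tok[4]))
        wild = int(ipaddress.IPv4Address(tok[5]))
    except ipaddress.AddressValueError as exc:
        # Catches a network and wildcard run together, e.g. 10.10.10.0.0.0.255
        raise ValueError(f"bad network or wildcard in {line!r}") from exc
    return tok[2], net, wild

def acl_matches(entry, src):
    """Wildcard match: bits set to 0 in the wildcard must equal the network."""
    _, net, wild = entry
    addr = int(ipaddress.IPv4Address(src))
    return ((addr ^ net) & ~wild & 0xFFFFFFFF) == 0

def nat_candidates(acl_lines, sources):
    """Map each source address to True if the ACL permits it."""
    entries = [parse_acl_line(line) for line in acl_lines]
    result = {}
    for src in sources:
        result[src] = False  # implicit deny at the end of the ACL
        for entry in entries:
            if acl_matches(entry, src):
                result[src] = entry[0] == "permit"
                break
    return result

# R2 and PC addresses from the thread, plus one constructed outside address.
SOURCES = ["10.10.10.2", "10.10.11.3", "192.168.1.50"]
WIDE = ["access-list 101 permit ip any any"]
SCOPED = ["access-list 101 permit ip 10.10.0.0 0.0.255.255 any"]
PER_SUBNET = ["access-list 101 permit ip 10.10.10.0 0.0.0.255 any",
              "access-list 101 permit ip 10.10.11.0 0.0.0.255 any"]

if __name__ == "__main__":
    for name, acl in (("wide", WIDE), ("scoped", SCOPED), ("per-subnet", PER_SUBNET)):
        print(name, nat_candidates(acl, SOURCES))
```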