01-11-2010 11:13 PM - edited 03-06-2019 09:14 AM
Hi,
I have a problem with my vlan, I have crated a vlan using cisco catalyst 2960, inside that vlan I have a particular computer (10.1.1.254) that I want it to communicate with the outside, from that computer I can ping the outside that is 172.16.1.0 255.255.255.0, but from the outside, I canot reach that computer, below are configurations of router and switch.
Router configuration
Building configuration...
Current configuration : 849 bytes
!
version 12.4
no service password-encryption
!
hostname rle_siege
!
!
enable secret 5 $1$mERr$5dgad4i7JjcA5bc3fzMg0.
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
description WAN
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.0.1 255.255.255.128
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 10.1.1.1 255.255.255.0
ip access-group 1 in
ip access-group 2 out
ip nat inside
!
interface Vlan1
no ip address
!
ip nat inside source static 10.1.1.254 192.168.0.30
ip classless
!
!
!
line con 0
password xxxxx
login
line vty 0 4
password xxxxx
login
!
!
end
switch configuration
Building configuration...
Current configuration : 1216 bytes
!
version 12.2
no service password-encryption
!
hostname Switch
!
!
!
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
switchport mode trunk
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.100.1 255.255.255.0
!
ip default-gateway 192.168.0.1
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
01-11-2010 11:42 PM
Hi,
Are you pinging the direct ip 10.1.1.254 or the natted one which is there in your router and you have configured access group in you interface which access list is binded with the interface.
Regards
Ganesh.H
01-12-2010 12:09 AM
When I ping the address 10.1.1.254 it is ok, but when I ping the nat address 192.168.0.30, it is not ok. the acces list wich are binded to interface are:
!
access-list 1 permit host 10.1.1.254
access-list 2 permit 172.16.1.0 0.0.0.255
!
thanks.
01-12-2010 12:15 AM
Hi,
Can you try remove this ip access-group 2 out from interface and then check and also when you ping the natt ip share the show ip nat translation on router.
HTH
Regards
Ganesh.H
01-12-2010 12:31 AM
Thank you for your support,
I removed the ip acces-group 2 ont the router, it is still not ok, this is the output of sh ip nat translation:
rle_siege#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 192.168.0.30 10.1.1.254 --- ---
thanks
01-12-2010 01:35 AM
Hi,
Just drop a reverse route in router for 10.1.1.0/24 towards 192.168.0.1 and then check !!
HTH
Regards
Ganesh.H
01-13-2010 01:25 AM
Hi
You wrote " I can ping the outside that is 172.16.1.0 " , but interface fa0/0 is missing the nat statement.
Try to do " ip nat outside" on fa0/0.
/Mikael
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide