cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1211
Views
0
Helpful
6
Replies

communication between vlan and outside

habibnoubissi
Level 1
Level 1

Hi,

I have a problem with my vlan, I have crated a vlan using cisco catalyst 2960, inside that vlan I have a particular computer (10.1.1.254) that I want it to communicate with the outside, from that computer I can ping the outside that is 172.16.1.0 255.255.255.0, but from the outside, I canot reach that computer, below are configurations of  router and switch.

Router configuration

Building configuration...

Current configuration : 849 bytes
!
version 12.4
no service password-encryption
!
hostname rle_siege
!
!
enable secret 5 $1$mERr$5dgad4i7JjcA5bc3fzMg0.
!
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
description WAN
ip address 172.16.1.1 255.255.255.0
duplex auto

speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.0.1 255.255.255.128
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 10.1.1.1 255.255.255.0
ip access-group 1 in
ip access-group 2 out
ip nat inside
!
interface Vlan1
no ip address
!
ip nat inside source static 10.1.1.254 192.168.0.30
ip classless
!

!
!
line con 0
password xxxxx
login
line vty 0 4
password xxxxx
login
!
!
end

switch configuration

Building configuration...

Current configuration : 1216 bytes
!
version 12.2
no service password-encryption
!
hostname Switch
!
!
!
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4

switchport mode trunk
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12

!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23

!
interface FastEthernet0/24
switchport mode trunk
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface Vlan1
ip address 10.1.100.1 255.255.255.0
!
ip default-gateway 192.168.0.1
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end

6 Replies 6

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hi,

Are you pinging the direct ip 10.1.1.254 or the natted one which is there in your router and you have configured access group in you interface which access list is binded with the interface.

Regards

Ganesh.H

When I ping the address 10.1.1.254 it is ok, but when I ping the nat address 192.168.0.30, it is not ok. the acces list wich are binded to interface are:

!
access-list 1 permit host 10.1.1.254
access-list 2 permit 172.16.1.0 0.0.0.255
!

thanks.

Hi,

Can you try remove this ip access-group 2  out from interface and then check and also when you ping the natt ip share the show ip nat translation on router.

HTH

Regards

Ganesh.H

Thank you for your support,

I removed the ip acces-group 2 ont the router, it is still not ok, this is the output of sh ip nat translation:

rle_siege#sh ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  192.168.0.30      10.1.1.254         ---                ---

thanks

Hi,

Just drop a reverse route in router for 10.1.1.0/24 towards 192.168.0.1 and then check !!

HTH

Regards

Ganesh.H

mlund
Level 7
Level 7

Hi

You wrote "  I can ping the outside that is 172.16.1.0 " , but interface fa0/0 is missing the nat statement.

Try to do " ip nat outside" on fa0/0.

/Mikael

Review Cisco Networking for a $25 gift card