cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
34404
Views
0
Helpful
9
Replies

How to configure NAT with VLAN

davidmejia
Level 1
Level 1

Hi,

My question is How can I configure NAT with Router Cisco 7200 using virtual interfaces VLAN or Loopback?

I have to configure One vlan with Private IPs and the other with public IPs

I tried with this configuration but it doesn't work. Any suggestions?

Thanks in advance

interface Loopback50

ip address 200.105.127.190 255.255.255.252

ip nat outside

ip virtual-reassembly

interface FastEthernet2/0.50

description IP Private

encapsulation dot1Q 50

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route 200.105.127.188 255.255.255.252 Loopback50

ip nat inside source list 50 interface Loopback50 overload

access-list 50 permit 192.168.1.0 0.0.0.255

9 Replies 9

t814687
Level 1
Level 1

Hi,

You can not do NAT on a loopback interface. You will have to use subinterfaces or physical interfaces on the router.

Thanks

serg

I have to configure the Router with VLANs and I tried with subinterfaces, but it doesn`t work

Any Suggestion?

interface FastEthernet2/0.51

ip address 200.105.127.190 255.255.255.252

encapsulation dot1Q 51

ip nat outside

ip virtual-reassembly

interface FastEthernet2/0.50

description IP Private

encapsulation dot1Q 50

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route 200.105.127.188 255.255.255.252 FastEthernet2/0.51

ip nat inside source list 50 interface FastEthernet2/0.51 overload

access-list 50 permit 192.168.1.0 0.0.0.255

David,

That should work...can you post debug ip nat ?

another thing to try is this:

ip nat pool ovrld 200.105.127.190 200.105.127.190 prefix 30

ip nat inside source list 50 pool ovrld overload

This will PAT all the outgoing traffic to your outside interface. Try and let me know.

serg

Also I assume you have your default route to the internet upstream neighbur on the router, right?

and I do not see you need that static route to FastEthernet2/0.51 .

serg

Hi, serg

Well, This is the configuration of my router Cisco 7200 and the IOS is

Cisco IOS Software, c7200-js-mz.124-12c.bin

******************************************

interface FastEthernet2/0

no ip address

duplex auto

speed auto

interface FastEthernet2/0.51

ip address 200.105.127.190 255.255.255.252

encapsulation dot1Q 51

ip nat outside

ip virtual-reassembly

interface FastEthernet2/0.50

description IP Private

encapsulation dot1Q 50

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route 0.0.0.0 0.0.0.0 serial0/0

ip route 200.105.127.188 255.255.255.252 FastEthernet2/0.51

ip nat inside source list 50 interface FastEthernet2/0.51 overload

access-list 50 permit 192.168.1.0 0.0.0.255

**********************************************

I turned on the debug ip nat.

Router#debug ip nat

IP NAT debugging is on

Router#

Router#sh ip nat translations

Router#

*********************************************

I tried with the other configuration that you gave me, but it still isn`t working.

ip nat pool ovrld 200.105.127.190 200.105.127.190 prefix 30

ip nat inside source list 50 pool ovrld overload

*********************************************

Router#sh ip nat translations

Router#

**********************************************

And This is the log on the Router

*Apr 25 17:11:56.454: NAT: reaping portlist proto 6 globaladdr 200.105.135.190

*Apr 25 17:12:12.246: NAT: Reserved 200.105.135.190 for PAT

*Apr 25 17:12:12.246: ipnat_add_dynamic_cfg_common: id 6, flag 5, range 1

*Apr 25 17:12:12.246: id 6, flags 0, domain 0, lookup 0, aclnum 32, aclname 50, mapname idb 0x00000000

*Apr 25 17:12:12.250: poolstart 200.105.135.190 poolend 200.105.135.190

when you turn debugging on can you generate some traffic to the outside and see if you getting anything on the console/terminal session?

Are you telnetting to the router, if yes you need "term mon" command to see the live output

default gateway does not seem right to me if you are using subniterface. What is this ip 200.105.127.188 ? your router should point to your next hop upstream router IP to get to the internet , not to this serial0/0 if I understand this correctly.

Pravin Phadte
Level 5
Level 5

Can you try by adding a route statement.

Ip route 192.168.1.0 255.255.255.0 fastethernet2/0.50

I added this route but it still isn`t working

Do you have any other suggestion or configuration?

ip route 192.168.1.0 255.255.255.0 FastEthernet2/0.50

ip route 200.105.127.188 255.255.255.252 Loopback50

ip nat pool natpool 200.105.127.190 200.105.127.190 netmask 255.255.255.252

ip nat inside source list 107 pool natpool overload

access-list 107 permit ip 192.168.1.0 0.0.0.255 any

also try if the above config does not work with this route.

ip route 200.105.127.190 255.255.255.252 FastEthernet2/0.50

Also let me know if u have any default route