Re: I can't ping from inside to outside NAT - Page 2

adamlee1811 · ‎04-02-2022

I have configured R2 router NAT:

R2(config)#ip route 0.0.0.0 0.0.0.0 s1/0

R2(config)#access-list 10 permit 172.8.55.0 0.0.0.255

R2(config)#ip nat inside source list 10 interface s1/0 overload

R2(config)#int s1/0

R2(config-if)#ip nat outside

R2(config-if)#int f0/1

R2(config-ig)#ip nat inside

My router R2 has OSPF configured with 2 other routers before, they are in zone 172.8.55.0/24.

When I configure NAT but I can't ping from inside NAT (R2) to outside (PC1)?

Help me, please

adamlee1811 · ‎04-03-2022

I don't think R2 know all route. I can ping from VLAN10 to VLAN20 but I can't ping from PC6 to R2

R2#sh ip access-lists
Standard IP access list 10
10 permit 172.8.55.0, wildcard bits 0.0.0.255
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

172.8.0.0/24 is subnetted, 1 subnets
C 172.8.55.0 is directly connected, FastEthernet0/1
11.0.0.0/30 is subnetted, 1 subnets
C 11.0.0.0 is directly connected, Serial1/0
S* 0.0.0.0/0 is directly connected, Serial1/0

MHM Cisco World · ‎04-03-2022

In R2

Ping pc source 172.8.55.x

Do debug ip nat

You will get ping success.

For ospf still not get any in routing table?

Can i see show ip route in R1.

adamlee1811 · ‎04-04-2022

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.8.0.0/24 is subnetted, 1 subnets
C 172.8.55.0 is directly connected, FastEthernet0/1
172.10.0.0/24 is subnetted, 1 subnets
C 172.10.55.0 is directly connected, FastEthernet0/0.10
172.20.0.0/24 is subnetted, 1 subnets
C 172.20.55.0 is directly connected, FastEthernet0/0.20
R1#sh ip ospf nei

Neighbor ID Pri State Dead Time Address Interface
172.8.55.2 1 FULL/DROTHER 00:00:31 172.8.55.2 FastEthernet0/1
172.30.55.1 1 FULL/DR 00:00:31 172.8.55.3 FastEthernet0/1

adamlee1811 · ‎04-04-2022

I can't ping from PC6 to R2.

adamlee1811 · ‎04-04-2022

should I configure NAT at R1 so that PC6 can ping to R2?

MHM Cisco World · ‎04-04-2022

First,

ping pc1 source 172.8.55.2 <<- this should work

Second still if there is no reachability then the ping will failed.

now why ospf not exchange update between router ?

Are you apply any acl in R2 172.8.55.2 interface?

Richard Burts · ‎04-04-2022

One of the issues is that R1 does not have any default route. So it can only forward traffic to subnets that are in its routing table. Especially for forwarding traffic toward outside it will need a default route. It could be a static default on F1 or it could be a default advertised by an OSPF neighbor (which is probably the better alternative).

You ask "should I configure NAT at R1 so that PC6 can ping to R2?" Between R1 and R2 there is no need for NAT. You need NAT when you are attempting to get access outside your private network. You need NAT on R2 (and have at least part of what you need configured on R2).

HTH

Rick

connieyung · ‎04-04-2022

Make sure ISP also run OSPF.

paul driver · ‎04-02-2022

Hello
Do you have full reachablity from your internal network to R2 1.1.1.x/30 if so, then the issue is your NAT.

Also post the packet tracer file if possible.

Basic nat would be:

int ser1/0
ip nat outside

int fa0/1
ip nat inside

ip access-list extended NAT
permit ip 172.8.55.0 0.0.0.255 any
ip nat inside source-list NAT interface serial 1/0

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

adamlee1811 · ‎04-03-2022

A