I can't ping from inside to outside NAT

adamlee1811 · ‎04-02-2022

I have configured R2 router NAT:

R2(config)#ip route 0.0.0.0 0.0.0.0 s1/0

R2(config)#access-list 10 permit 172.8.55.0 0.0.0.255

R2(config)#ip nat inside source list 10 interface s1/0 overload

R2(config)#int s1/0

R2(config-if)#ip nat outside

R2(config-if)#int f0/1

R2(config-ig)#ip nat inside

My router R2 has OSPF configured with 2 other routers before, they are in zone 172.8.55.0/24.

When I configure NAT but I can't ping from inside NAT (R2) to outside (PC1)?

Help me, please

MHM Cisco World · ‎04-02-2022

between R2 and ISP what is routing protocol you run??
if not then the return traffic from PC to R2 is missing that why the ping is failed.

adamlee1811 · ‎04-02-2022

I just confiured ip between ISP and R2

MHM Cisco World · ‎04-02-2022

Ok, in R2

Show ip route

Do you see sunbet of pc?

Even if there is nat the destiantion must reachable.

You must config

1-

Defualt information origin

in R2 under opsf, this make all Router/PC behind R2 know who get to PC1

2-
ip route 0.0.0.0 0.0.0.0 ISP

adamlee1811 · ‎04-02-2022

This is my show ip route.

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

172.8.0.0/24 is subnetted, 1 subnets
C 172.8.55.0 is directly connected, FastEthernet0/1
11.0.0.0/30 is subnetted, 1 subnets
C 11.0.0.0 is directly connected, Serial1/0
S* 0.0.0.0/0 is directly connected, Serial1/0

How to configure it? I don't understand your comment? Can you detail?

MHM Cisco World · ‎04-02-2022

You already config default route that OK,

router ospf X

default-information originate

One only thing why there is no any route learn via OSPF in R2? are you sure you config OSPF right ?

adamlee1811 · ‎04-02-2022

I don't know why but when I sh ip ospf neighbors. It has R3 and R1

sh ip ospf nei

Neighbor ID Pri State Dead Time Address Interface
172.8.55.1 1 FULL/BDR 00:00:39 172.8.55.1 FastEthernet0/1
172.8.55.3 1 FULL/DR 00:00:39 172.8.55.3 FastEthernet0/1

MHM Cisco World · ‎04-02-2022

OK go to R1 and R3 and config
Network x.x.x.x mask x.x.x.x area x

adamlee1811 · ‎04-02-2022

This is my ospf config:

R1(config)#router ospf 1

R1(config-router)#network 172.8.55.0 0.0.0.255 area 0

R2(config)#router ospf 1

R2(config-router)#network 172.8.55.0 0.0.0.255 area 0

R3(config)#router ospf 1

R3(config-router)# network 172.8.55.0 0.0.0.255 area 0

MHM Cisco World · ‎04-02-2022

That OK for make OSPF router see each other,
R1,R2,R3 connect via one SW with subnet 172.8.55.0/24
BUT behind R1 and R3, R2 don't know about it.
You must config IN R1 subtend of VLAN10 and VLAN20
in R3 "it don't show in photo" you must config subnet of VLAN connect to it.

do all this with
net x.x.x.x mask x.x.x.x area 0

adamlee1811 · ‎04-02-2022

After config VLAN what should I do ?

I should:

R2(config)#access-list 10 permit 172.10.55.0 0.0.0.255 (Vlan 10)

R2(config)#access-list 10 permit 172.20.55.0 0.0.0.255 (Vlan 20)

Right ?

adamlee1811 · ‎04-02-2022

My config Vlan in SW4:

SW4#vlan database

SW4(vlan)#vlan 10 name p10

SW4(vlan)#vlan 20 name p20

SW4(config)#int f0/1

SW4(config-if)#switchport access vlan 10

SW4(config)#int f0/2

SW4(config-if)#switchport access vlan 20

MHM Cisco World · ‎04-03-2022

Before adjust the ACL,
are R2 now know all route, VLAN 10 VLAN20 and VLAN behind R3?
can I see show ip route & show ip access-list in R2?

Richard Burts · ‎04-03-2022

There are several things about this that we do not know which would help us to identify the issue:

- where is the source of the ping?

- what is the gateway of PC1?

- does the gateway for PC1 have a route to the subnet of the ping source?

Here are a couple of things that need to be fixed:

- R2 has no routing information about vlans 10 and 20. Adding those subnets to OSPF would be helpful.

- the posted config does not have any NAT logic for the subnets of vlan 10 and 20. Those subnets should be added to the acl used by NAT.

HTH

Rick

adamlee1811 · ‎04-03-2022

Now I just want to config my R2 ping to PC1 but it doesn't work. I will config VLAN after that. Thanks