Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2676
Views
5
Helpful
5
Replies

I cannot ping after NAT Configuration

Go to solution
HeroVax
Level 1
Level 1

‎06-16-2022 08:11 AM - edited ‎06-16-2022 08:15 AM

Hello, I have issues about NAT configuration that does not allow my KL Router's PCs ping to Penang Router's PCs.

 

Initially, my plan was to create NAT for Server Farm client.

15.0.6.2 translates to 130.10.0.2

 

I have configured my KL Router as follows:

interface GigabitEthernet0/0/0.80

ip nat inside

 

interface Serial 0/1/0

ip nat outside

 

ip nat pool NATPOOL 130.10.0.3 130.10.255.254 netmask 255.255.0.0
ip nat inside source list 1 pool NATPOOL
ip nat inside source static 15.0.6.3 130.10.0.3
ip nat inside source static 15.0.6.4 130.10.0.4
ip nat inside source static 15.0.6.5 130.10.0.5
ip nat inside source static 15.0.6.2 130.10.0.2

access-list 1 permit 15.0.6.0 0.0.0.7

Penang Router's PC Security: 

 

1.png

 

KL Router's PC Server Farm:

 

2.png

 

Results: Penang Router's PC can ping to KL Router's Server Farm (15.0.6.2), and it successfully translates to 130.10.0.2. However, Server Farm cannot ping to other PCs outside of KL Router as a result. I honestly do not know what's the issue with my configurations. I have attached my pkt file below for reference.

 

Thanks.

Labels:
Project.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to HeroVax

‎06-16-2022 08:40 AM

Must be some bug or different version. I can not see the config. But, it is ok.

 

When you configure "ip nat outside" you are changing the PCs IP address from 15.x.x.x to 130.x.x.x.  Which means, the IP address that will arrive to the outiside is different and your routers, need to know to to reply.

For example. If you run:

show ip route 130.0.0.0 on router Penang or ISP, do they have this route? They probably not. So, you need to tell then how can they reach the network 130.0.0.0, otherwise, they will drop the packet.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Flavio Miranda
VIP
VIP

‎06-16-2022 08:18 AM

Hi

 Your file does not allow to see the config...neither change. So it is useless to attach the file.

 

But, if you are doing NAT from 15.0.0.0 to  130.10.0.0 then you need add route on the router for this network.

On router Penang you need to add this:

ip route 130.0.0.0 255.0.0.0.0 15.0.6.9

0 Helpful

Go to solution
HeroVax
Level 1
Level 1
In response to Flavio Miranda

‎06-16-2022 08:26 AM

Hello @Flavio Miranda ,

 

The file attached is a pkt file (inside a zip file). I already tested it, and you can open it via Cisco Packet Tracer. Also, I have done all the OSPF Configurations so if I didn't configure the NAT, all PCs can ping to each other.

 

I noticed that, once I configure the interface serial 0/1/0 as "ip nat outside", then the Server Farm will not able to ping anymore.

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to HeroVax

‎06-16-2022 08:40 AM

Must be some bug or different version. I can not see the config. But, it is ok.

 

When you configure "ip nat outside" you are changing the PCs IP address from 15.x.x.x to 130.x.x.x.  Which means, the IP address that will arrive to the outiside is different and your routers, need to know to to reply.

For example. If you run:

show ip route 130.0.0.0 on router Penang or ISP, do they have this route? They probably not. So, you need to tell then how can they reach the network 130.0.0.0, otherwise, they will drop the packet.

0 Helpful

Go to solution
HeroVax
Level 1
Level 1
In response to Flavio Miranda

‎06-16-2022 08:52 AM

Hello @Flavio Miranda ,

 

Oh my goodness, thank you so much for your help. I'm still learning about NAT and very glad I learned something new today. It makes sense now. The translated IP wasn't advertised. I thought, the router would automatically know the translated IP from their old 15.0.6.0 address. But I guess not.

 

 

So, I have configure the static route and it works well now. I always wanted to use OSPF configuration to be able to capture 130.10.0.0 but it doesn't work. Anyways, I'll just stick with static route.

Go to solution
Flavio Miranda
VIP
VIP
In response to HeroVax

‎06-16-2022 09:04 AM - edited ‎06-16-2022 09:04 AM

You are doing great.  It is possible to advertise the Natted ip address to other routers. You just need to search a little bit more. Here in the community you can find a solution:

 

Examle:

 

https://community.cisco.com/t5/routing/how-to-advertise-a-nat-pool-into-ospf/td-p/484531 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card