11-09-2019 09:37 PM
Hi,
I have configured a network using NAT, but I can't ping my ISP router at all. When I remove the ACL, I can ping fine.
Can someone please explain why? Thanks in advance.
This is the ACL that I put for NAT:
ip access-list standard VLAN105
permit 192.168.2.0 0.0.0.127 (Our Internal Network)
permit any
These are my router configurations for the Gateway and ISP routers:
----------------------Blue Router(Gateway Router)---------------------------
hostname Blue
!
!
!
!
ip dhcp excluded-address 192.168.2.126
!
ip dhcp pool VLAN105
network 192.168.2.0 255.255.255.128
default-router 192.168.2.126
!
!
!
no ip cef
no ipv6 cef
!
!
!
username Blue password 0 ccna34
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Loopback0
ip address 192.168.2.145 255.255.255.248
!
interface GigabitEthernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/1/0
ip address 192.168.2.153 255.255.255.252
encapsulation frame-relay
frame-relay map ip 192.168.2.153 115
ip nat inside
clock rate 2000000
!
interface Serial0/1/0.115 point-to-point
no ip address
clock rate 2000000
shutdown
!
interface Serial0/1/1
ip address 70.14.1.13 255.255.255.252
encapsulation ppp
ip nat outside
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
passive-interface Loopback0
network 192.168.2.152 0.0.0.3
!
ip nat pool VLAN105 183.1.0.1 183.1.0.62 netmask 255.255.255.192
ip nat inside source list VLAN105 pool VLAN105 overload
ip classless
ip route 0.0.0.0 0.0.0.0 70.14.1.14
!
ip flow-export version 9
!
!
ip access-list standard VLAN105
permit 192.168.2.0 0.0.0.127
permit any
!
banner motd ^C^C
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line aux 0
!
line vty 0 4
password cisco
login
!
!
!
end
-----------------ISP Router--------------------------
hostname ISP
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username ISP password 0 ccna34
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Loopback0
ip address 140.0.0.1 255.255.255.255
!
interface Loopback1
ip address 150.0.0.2 255.255.255.255
!
interface Loopback2
ip address 135.0.0.35 255.255.255.255
!
interface GigabitEthernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface GigabitEthernet0/0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/1/0
no ip address
clock rate 2000000
shutdown
!
interface Serial0/1/1
ip address 70.14.1.14 255.255.255.252
encapsulation ppp
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 192.168.0.0 255.255.192.0 Serial0/1/1
!
ip flow-export version 9
!
!
!
banner motd ^C^C
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line aux 0
!
line vty 0 4
login
!
!
!
end
11-10-2019 12:12 AM
Hello,
From where are you trying to ping? I assume from the PC? You need to include the IP address (subnet) of the PC in the access list you are using for NAT.
Also, the NAT pool you are using doesn't make any sense.
Try the simplified configuration below and see if you can get NAT to work this way. Make sure your PC has an IP address that belongs to 192.168.0.0/16; otherwise, add the subnet to which the PC belongs to the access list.
ip nat inside source list 1 interface Serial0/1/1 overload
!
ip route 0.0.0.0 0.0.0.0 70.14.1.14
!
access-list 1 permit 192.168.0.0 0.0.255.255
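An added example, not part of any post in this thread: a Python sketch of Cisco standard-ACL wildcard matching, applied to the two NAT access lists posted above, plus a check of which addresses the posted ISP configuration has a route back to. The host 192.168.2.10 and all function names are constructed for illustration; every other address is taken from the posted configurations.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src):
    """First matching entry wins; a standard ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

# Entries copied from the thread; "any" is 0.0.0.0 255.255.255.255.
ACL_VLAN105 = [("permit", "192.168.2.0", "0.0.0.127"),
               ("permit", "0.0.0.0", "255.255.255.255")]
ACL_1 = [("permit", "192.168.0.0", "0.0.255.255")]

# Prefixes in the posted ISP config: the static route and the connected
# serial link (the /32 loopbacks are omitted, they do not affect the result).
ISP_ROUTES = [ipaddress.ip_network("192.168.0.0/18"),
              ipaddress.ip_network("70.14.1.12/30")]

def isp_can_reply(addr):
    """True if the ISP router has a route toward addr."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ISP_ROUTES)

def nat_report(acl, sources):
    """Map each source address to whether the NAT ACL selects it for translation."""
    return {s: acl_permits(acl, s) for s in sources}

# 192.168.2.10 is a constructed DHCP client; the rest are Blue's interfaces.
SOURCES = ["192.168.2.10", "192.168.2.153", "192.168.2.145", "70.14.1.13"]

if __name__ == "__main__":
    print("VLAN105 as posted :", nat_report(ACL_VLAN105, SOURCES))
    print("VLAN105, line 1   :", nat_report(ACL_VLAN105[:1], SOURCES))
    print("access-list 1     :", nat_report(ACL_1, SOURCES))
    for addr in ("183.1.0.1", "70.14.1.13"):
        print(addr, "reachable from ISP:", isp_can_reply(addr))
```

With `permit any` present, every source is selected for translation into the 183.1.0.x pool, an address range the posted ISP configuration has no route for; the interface address 70.14.1.13 used by the simplified configuration is on the directly connected link.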
11-09-2019 11:04 PM - edited 11-10-2019 01:45 AM
To all concerned,
It is very clear this thread is school work.
Help the students learn: Post the links to documents and configuration guides.
Please refrain from handing out answers.