Re: NAT between two vlans in 6509 - Page 2

jose.m.goncalves · ‎12-12-2007

Hello,

I was trying to establish NAT between two vlans. The configuration is:

interface vlan 14

ip address 10.2.100.254 255.255.255.0

ip nat inside

!

interface vlan 7

ip address 1xx.xxx.xxx.126 255.255.255.192

ip nat outside

!

ip nat pool CONVERSION 1xx.xx.xx.105 1xx.xx.xx.110 netmask 255.255.255.192

ip nat inside source list 10 pool CONVERSION overload!

!

access-list 10 permit 10.2.100.0 0.0.0.255

I have tried on 6509 with:

Cisco Internetwork Operating System Software IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), Version 12.1(27b)E, RELEASE SOFTWARE (fc2

I am not going outside the box and I can't see translation.

When I do:

#sh ip nat statistics

Total active translations: 0 (0 static, 0 dynamic; 0 extended)

Outside interfaces:

Vlan7

Inside interfaces:

Vlan14

Hits: 0 Misses: 0

Expired translations: 0

Dynamic mappings:

-- Inside Source

access-list 10 pool CONVERSION refcount 0

pool CONVERSION: netmask 255.255.255.192

start 19x.xxx.xxx.105 end 1xx.xxx.xxx.110

type generic, total addresses 6, allocated 0 (0%), misses 0

Can you help me?

Thanks in advanced.

Jose Goncalves

Jon Marshall · ‎12-14-2007

Jose

No problem.

Can you tell me what is the default route used on this switch to get to the Internet ?

Jon

jose.m.goncalves · ‎12-14-2007

Jon,

Gateway of last resort is 172.16.240.1 to network 0.0.0.0

interface Vlan540

description Ligacao WAN

ip address 172.16.240.4 255.255.255.0

Thanks in advanced

Jose

Jon Marshall · ‎12-14-2007

Jose

That is your problem then. When you go out to the internet you go out of vlan 540 but you have the ip nat outside statement under vlan 7 which is why you are never getting any NAT translations.

Jon

jose.m.goncalves · ‎12-14-2007

Jon,

Thanks a lot for your aid.

It has then some method I to make what I intend in the 6509?

I go to have to use one other to router for this, really?

Thanks in advanced

Jose

Jon Marshall · ‎12-14-2007

Jose

You can use the 6500 for this but you need to be careful. You have a lot of routes pointing out of vlan 540.

Do you want to NAT all traffic going out of the vlan 540 interface because that won't just be internet traffic it will also be any subnets using vlan 540 as their gateway eg.

do you want to NAT vlan 14 ip addresses if a client on vlan 14 wants to communicate with any of these subnets ?

O 192.168.121.0 [110/3] via 172.16.240.1, 00:51:55, Vlan540

O 192.168.121.32 [110/3] via 172.16.240.1, 00:51:55, Vlan540

O 192.168.121.64 [110/3] via 172.16.240.1, 00:51:55, Vlan540

O 192.168.121.96 [110/3] via 172.16.240.1, 00:51:55, Vlan540

Jon

jose.m.goncalves · ‎12-14-2007

Jon

No, I don't want to NAT all traffic going out of the vlan 540 interface.

Yes, I want to NAT vlan 14 ip addresses if a client on vlan 14 wants to communicate with any of these subnets.

Thanks in advandec

Jose

jose.m.goncalves · ‎12-17-2007

Jon,

With my configuration of the nerwork, isn't possible to do NAT, right?

Thanks in advanced.

Jose