NAT not working using Pool only when being NAT over an Interface

mjuchim27
Level 1

Hi, I need some advice. I configured my Cisco 877 router using some new public IP addresses I got from my ISP, but when I do NAT using a pool of addresses, I can't browse the internet. The only way I am able to browse the internet is if I do NAT using an interface, and this happens only when using the fiber connection. I also have a DSL link, for which I only changed the public IP address in the configuration of my Cisco 877 router to reflect the public IP address of the DSL link, and my NAT using the pool of addresses works, as well as when doing NAT over an interface. Please help.

12 Replies

Reza Sharifi
Hall of Fame

Hi,

Can you post "sh run" from the router and point out the interface that is not working?

HTH

Hi Reza, thanks for the reply. See below my current router config using the fiber link. With the current config I cannot browse.

interface FastEthernet0
switchport access vlan 5
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.30.1 255.255.255.192
ip nat inside
ip virtual-reassembly
!
interface Vlan5
ip address 190.x.x.146 255.255.255.240
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 190.x.x.145
!
no ip http server
no ip http secure-server
ip nat pool BTL 190.x.x.147 190.x.x.148 netmask 255.255.255.240
ip nat inside source list INTERNET-BROwSING pool BTL overload
!
ip access-list extended INTERNET-BROwSING
permit ip 192.168.30.0 0.0.0.63 any

Hi,

Have you tried the NAT statement with prefix-list and test?

ip nat pool BTL 190.x.x.147 190.x.x.148 prefix-length 27

HTH

Hi, 

I just modified the config to 

ip nat pool BTL 190.x.x.147 190.x.x.148 prefix-length 28 

and it is still not working. See the ping from within the router.

Router#ping 4.2.2.2 source vlan 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.30.1
.....
Success rate is 0 percent (0/5)

In addition, can you use the nat statement without overload?

ip nat inside source list INTERNET-BROwSING pool BTL

HTH

Hi Reza, thank you for your help, I really appreciate it.

Even without the overload, I still cannot browse. Like I mentioned in the original post, this happens only on the fiber link. If I switch over to DSL and use the public IPs assigned on the DSL network, using the same NAT pool statement, it works. Do you think it's a problem with our ISP? I even tried a different router and still have the same problem.

Hi,

I don't think this is an ISP issue.

So, if you ping, say, 8.8.8.8 without the source address, this should use the outgoing interface, which is vlan1. Does it work?

If it does, then this is not an issue with the ISP.

ping 8.8.8.8

Can you try it with static nat and test?

ip nat inside source list INTERNET-BROwSING interface vlan5 overload

no ip nat pool BTL 190.x.x.147 190.x.x.148 netmask 255.255.255.240
HTH

Hi Reza,

Yes, if I ping 8.8.8.8, which uses the outgoing interface vlan 5 as per my configuration, it works.

Router#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms

When I modified the NAT statement to a static NAT

ip nat inside source list INTERNET-BROwSING interface Vlan5 overload

it works as well.

Router#ping 8.8.8.8 source vlan 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.30.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/32 ms

I'm puzzled, I'm not sure what I'm missing.

Hi,

So, it is definitely not an ISP issue or NAT, because static NAT works fine.

Have a look at this link, at the section on dynamic NAT, and see if anything is missing:

http://www.ciscozine.com/nat-and-pat-a-complete-explanation/

HTH

Hello,

On a side note, try a standard access list or a route map (with or without 'overload'):

access-list 10 permit 192.168.30.0 0.0.0.63
!
ip nat pool BTL 190.x.x.147 190.x.x.148 netmask 255.255.255.240
ip nat inside source list 10 pool BTL (overload)

or

access-list 100 permit ip 192.168.30.0 0.0.0.63 any
!
ip nat pool BTL 190.x.x.147 190.x.x.148 netmask 255.255.255.240
!
route-map TO_ISP permit 10
match ip address 100
!
ip nat inside source route-map TO_ISP pool BTL (overload)

If you cleared the NAT table when switching from DSL to fiber, most likely this is the ISP router's configuration. For testing, you might also want to include 190.x.x.146 in your pool configuration, otherwise .146 will not be used for NAT. If you include this one in the pool, most likely you will be able to successfully forward traffic via that IP address (at least until all ports on .146 are exhausted, or at least a pool with just .146 will work) while using the NAT pool via fiber.

From the data available here, I don't think this is a configuration issue on your side. I guess the ISP is not routing traffic properly for some reason (e.g., the ISP statically advertises your network range from the DSL router into their network?), so return traffic does not have a proper return path, or some similar issue.
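The consistency checks the last two posts reason about (the pool sitting inside the outside interface's subnet, the interface address being included in the pool, and the NAT statement's ACL and pool names actually resolving) as a small Python linter run over an IOS config. This is an added example, not code from the thread; the config sample is constructed, with the documentation block 198.51.100.144/28 standing in for the anonymised 190.x.x block, and the parser only understands the handful of line types shown.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's config; the documentation block
# 198.51.100.144/28 stands in for the poster's anonymised 190.x.x.144/28.
SAMPLE_CONFIG = """
interface Vlan5
 ip address 198.51.100.146 255.255.255.240
 ip nat outside
ip nat pool BTL 198.51.100.147 198.51.100.148 netmask 255.255.255.240
ip nat inside source list INTERNET-BROwSING pool BTL overload
ip access-list extended INTERNET-BROwSING
 permit ip 192.168.30.0 0.0.0.63 any
"""

def parse(cfg):
    # Pull out only the pieces a dynamic-NAT sanity check needs.
    d = {"outside": [], "pools": {}, "nat": [], "acls": set()}
    cur_net = None  # address of the interface stanza being read
    for line in cfg.splitlines():
        s = line.strip()
        if m := re.match(r"ip address (\S+) (\S+)$", s):
            cur_net = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif s == "ip nat outside":
            d["outside"].append(cur_net)
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask", s):
            d["pools"][m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"ip nat inside source list (\S+) pool (\S+)", s):
            d["nat"].append((m[1], m[2]))
        elif m := re.match(r"ip access-list \S+ (\S+)", s):
            d["acls"].add(m[1])
    return d

def check(cfg):
    # Return findings; an empty list means the dynamic-NAT pieces are consistent.
    d = parse(cfg)
    findings = []
    for acl, pool in d["nat"]:
        if acl not in d["acls"]:  # IOS matches named ACLs case-sensitively
            findings.append(f"ACL {acl} referenced by NAT but never defined")
        if pool not in d["pools"]:
            findings.append(f"pool {pool} referenced by NAT but never defined")
            continue
        lo, hi = d["pools"][pool]
        for o in d["outside"]:
            if lo not in o.network or hi not in o.network:
                findings.append(f"pool {pool} lies outside {o.network}")
            elif not lo <= o.ip <= hi:
                findings.append(f"pool {pool} omits outside address {o.ip}")
    return findings
```

Running `check(SAMPLE_CONFIG)` reports only that .146 is not in the pool; widening the pool to start at .146 clears it, while a case mismatch in the ACL name or a mistyped pool name produces its own finding.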

Hello

I have seen this before, where you cannot NAT traffic sourced from the router's interface that NAT is applied on, but it is successful from behind the NATted interface.

I cannot remember if I upgraded the IOS or utilized NVI NAT (domainless NAT).

Have you tested a ping from behind the VLANs, rather than from the SVI addresses themselves, or tried NVI NAT?

sh run | in ip nat
ping 8.8.8.8 (from host behind natted vlan)
sh ip nat translations
debug ip nat detail
debug ip packet detail

OR

int x/x
no ip nat inside
ip nat enable

int x/x
no ip nat outside
ip nat enable

no ip nat inside source list INTERNET-BROwSING pool BTL
ip nat source list INTERNET-BROwSING pool BTL

sh ip nat nvi translations

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul