
Nat on a network with 3 routers

orics94
Level 1

Hey, I'm kind of new to CCNA and I'm clueless about how to NAT this topology. I've been trying for over 2 days now. I'll take all the help I can get, thanks.

The network for router0 and the PCs is 192.168.0.0/24.

1 Accepted Solution


Hi

 Find attached a working file.  You can see double NAT by using the command "show ip nat translation" on Router0 and Router 1.

 

Router0#sh ip nat tran
Router0#sh ip nat translations
Pro   Inside global       Inside local        Outside local       Outside global
icmp  172.31.0.2:109      192.168.10.3:109    172.19.0.200:109    172.19.0.200:109
icmp  172.31.0.2:110      192.168.10.3:110    172.19.0.200:110    172.19.0.200:110
icmp  172.31.0.2:111      192.168.10.3:111    172.19.0.200:111    172.19.0.200:111
icmp  172.31.0.2:112      192.168.10.3:112    172.19.0.200:112    172.19.0.200:112

Router1#sh ip nat translations
Pro   Inside global       Inside local        Outside local       Outside global
icmp  209.165.200.2:113   172.31.0.2:113      172.19.0.200:113    172.19.0.200:113
icmp  209.165.200.2:114   172.31.0.2:114      172.19.0.200:114    172.19.0.200:114
icmp  209.165.200.2:115   172.31.0.2:115      172.19.0.200:115    172.19.0.200:115
icmp  209.165.200.2:116   172.31.0.2:116      172.19.0.200:116    172.19.0.200:116

 

What was really bad on the router0 was this Access List:


access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

 

I also made some changes to the routing, but only slight changes.

Your server does not have a gateway. It must have one.


8 Replies

Hi, start by defining the traffic:

access-list 1 permit 192.168.0.0 0.0.0.255

Then enable NAT on the interfaces:

int gx
 ip nat inside

int y
 ip nat outside

Then you configure:

ip nat inside source list 1 interface y overload

Int gx - local network 192.168.0.0

Int y - 172.31.0.x

On the next router you can repeat the process, but now your traffic is different:

access-list 1 permit 172.31.0.x (router 0 interfaces)

You can share your file here. Just zip it first.

 

orics94
Level 1

I should try the following on routers 0+1 right?

since I want to reach the web server with my pc's, I don't know what but something is missing for me

I attached the file as well

thanks a lot


Was the access list on r0 that bad? I used it to block traffic from vlan10 to vlan20.

And what should I try to do for the PCs to be able to reach the web server?

Yes, that access list. That ACL was also blocking the communication to the servers as well.

You can't put an access list with one statement and deny. The second statement is also an implicit deny, so everything will be blocked.

You need a permit any any below the deny.

In the file I attached, the PCs are communicating with the servers just fine and doing NAT at router 0 and router 1.
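The first-match and implicit-deny behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of IOS ACL evaluation run against access-list 100 as posted and with a permit added below the deny. The destination host 192.168.20.5 is a constructed sample; the other addresses come from the access list and NAT tables on this page.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # IOS "any" written as address + wildcard


def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def evaluate(acl, src, dst):
    """Return (action, entry_index); index None means the implicit deny hit."""
    for index, (action, src_spec, dst_spec) in enumerate(acl):
        if wildcard_match(src, *src_spec) and wildcard_match(dst, *dst_spec):
            return action, index  # first match wins, later entries are ignored
    return "deny", None  # every IOS ACL ends with an unwritten "deny ip any any"


# access-list 100 as posted: a single deny entry
ACL_AS_POSTED = [
    ("deny", ("192.168.10.0", "0.0.0.255"), ("192.168.20.0", "0.0.0.255")),
]
# Same list with "permit ip any any" added below the deny
ACL_WITH_PERMIT = ACL_AS_POSTED + [("permit", ANY, ANY)]

FLOWS = [
    ("192.168.10.3", "172.19.0.200"),  # PC to server, addresses from the NAT table
    ("192.168.10.3", "192.168.20.5"),  # constructed host in 192.168.20.0/24
]

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("with permit", ACL_WITH_PERMIT)):
        for src, dst in FLOWS:
            action, index = evaluate(acl, src, dst)
            hit = "implicit deny" if index is None else f"entry {index + 1}"
            print(f"{name:12} {src} -> {dst}: {action} ({hit})")
```

On the router itself, the per-entry match counters in "show access-lists" show which written entries are being hit.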

Hello,

What instructions are you following? They usually want you to NAT from a source to a destination (network)... so in your case, what is the source, and what is the destination?

I need to NAT the 172.31.0.0 network with the LAN2 network and should get access to the web server from the PCs.

Have you tried to enable ip nat inside on router R1 g0/0/1? If not, please check whether your routing is OK. This should work.

 

 

Thanks,

Jitendra
