Re: Nat translation not working

OneOpAfghan · ‎06-20-2022

Nat translation box shows up empty

here are my commands

hostname IAR

!

no ip cef

no ipv6 cef

!

license udi pid CISCO2911/K9 sn FTX15241M7O-

!

no ip domain-lookup

!

spanning-tree mode pvst

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/1

ip address 192.168.78.189 255.255.255.252

ip nat inside

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/0/0

ip address 192.168.78.182 255.255.255.252

ip nat inside

!

interface Serial0/0/1

ip address 192.168.78.170 255.255.255.252

ip access-group 105 in

ip nat inside

clock rate 128000

IAR#

IAR#sh run

Building configuration...

Current configuration : 1844 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname IAR

!

no ip cef

no ipv6 cef

!

license udi pid CISCO2911/K9 sn FTX15241M7O-

!

no ip domain-lookup

!

spanning-tree mode pvst

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/1

ip address 192.168.78.189 255.255.255.252

ip nat inside

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/0/0

ip address 192.168.78.182 255.255.255.252

ip nat inside

!

interface Serial0/0/1

ip address 192.168.78.170 255.255.255.252

ip access-group 105 in

ip nat inside

clock rate 128000

!

interface Serial0/1/0

ip address 192.168.78.174 255.255.255.252

ip nat inside

!

interface Serial0/1/1

ip address 209.165.200.225 255.255.255.248

ip nat outside

!

interface Vlan1

no ip address

shutdown

!

router ospf 1

log-adjacency-changes

network 192.168.78.168 0.0.0.3 area 0

network 192.168.78.172 0.0.0.3 area 0

network 192.168.78.180 0.0.0.3 area 0

network 192.168.78.188 0.0.0.3 area 0

network 209.165.200.224 0.0.0.7 area 0

default-information originate

!

ip nat pool NATPOOLIAR 209.168.200.224 209.168.200.224 netmask 255.255.255.248

ip nat inside source list NATACL pool NATPOOLIAR overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/1/1

!

ip flow-export version 9

!

ip access-list extended NATACL

permit ip 209.168.200.224 0.0.0.7 any

permit ip 192.168.78.0 0.0.0.255 any

access-list 100 deny tcp host 192.168.78.169 host 192.168.78.190 eq www

access-list 105 deny tcp host 192.168.78.181 host 192.168.78.190 eq www

access-list 105 permit ip any any

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

end

Flavio Miranda · ‎06-20-2022

Hi

Change this:

ip access-list extended NATACL

permit ip 209.168.200.224 0.0.0.7 any

permit ip 192.168.78.0 0.0.0.255 any

To this

ip access-list standard NATACL

permit ip 192.168.78.0 0.0.0.255

You dont need to put the outside address into the nat acl.

Georg Pauwen · ‎06-20-2022

Hello,

the router configs look odd, why are you using /30 IP addresses on the inside interfaces ? Also, the IP address used for the NAT pool is included in the NAT access list. What are you trying to accomplish ?

OneOpAfghan · ‎06-20-2022

Apparently the serial interfaces must be /30 and the 209.168.200.224 must be put in.

Georg Pauwen · ‎06-20-2022

Hello,

the inside interfaces are /30 too, what is connected to these interfaces, a single host ?

MHM Cisco World · ‎06-21-2022

ip nat pool NATPOOLIAR 209.165.200.225 net mask 255.255.255.248 <- since you use this ip for outside nat interface

!

interface Serial0/1/1

ip address 209.165.200.225 255.255.255.248

ip nat outside