12-02-2006 10:48 PM - edited 03-05-2019 01:08 PM
Hello,
I was trying to establish NAT between two vlans. Following is the configuration.
interface vlan 40
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
interface vlan 50
ip address 172.16.10.64 255.255.255.0
ip nat outside
!
ip nat pool eng-nat 172.16.10.1 172.16.10.63 prefix 24
!
ip nat inside source list 7 pool eng-nat
!
!
access-list 7 permit 10.10.10.0 0.0.0.127
I have tried on 6509 with SUP720 engine with native IOS version 122-17a.SX4.
I am not going outside the box and I cant see translation.
Please help.
12-03-2006 01:20 AM
Hi
think of that ,try to generate traffic that is comming from the vlan 40 and is realy destined to outside vlan 50, for example form a pc in the vlan 40 try to ping a PC in the vlan 50 here you ll be sure if it s working or not but check reachability before implementing the NAT and after.
HTH
12-03-2006 01:25 AM
Before and after the NAT, I have reachability to interfaces defined on the same box.
Its not doing any nating.
I have to configuring the IP on physical interfaces and see whether it works.
Till then
12-03-2006 01:37 AM
HI
my friend your vlan 50is a subnet 172.16.10.0 255.255.255.0 okay, your are trying to nat to the same subnet
so i think that the box will not do any translation !!!
the source of the packet as intended to be is in same subnet to whitch it destined after translation!!
here the router will think that the packet is local and
has already reached it destination using only LAYER2 switching!!
so try another pool i think it will work
HTH
do rate if it does
12-03-2006 02:37 AM
hello,
"try another pool". pls elaborate on this.
thank u for ur time.
12-03-2006 11:52 AM
try this pool of new addresses
ip nat pool eng-forexample-nat 172.19.90.1 172.19.90.63 prefix 24
!
let us know
12-03-2006 06:52 PM
Hi,
Is this what you are trying to achieve?
pc---vlan 40---vlan 50---pc? or
pc---vlan 40---vlan 50---another sw/rtr?
I believe that if you remove the nat statements on both interface vlan, you can still achieve inter-vlan routing?
And at the same time reach the device on the supposed to be outside IP?
my 2 cents only...
12-03-2006 07:23 PM
Hi
i think the idea of vu2jjq that he is trying to test nat with svi, switched virtual interfaces not forwarding traffic between to vlans!!!!!!
12-05-2006 12:40 AM
Hello,
That did not really help Kamal. Am yet to try on the physical interface.
Thanks again.
JJQ
12-05-2006 12:55 AM
change the subnet mask in the nat pool to
255.255.255.192
12-05-2006 01:35 AM
Hello,
I was not using the gateway network of the box for outbound. For testing purpose, I was simply using just another vlan configured.
Now I have tried the 'ip nat outside' and the pool in the gateway network. It is working fine.
Thank you very much for your contributions.
Regards
JJQ
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide