03-04-2009 03:34 PM - edited 03-06-2019 04:23 AM
Hello guys,
I try to configure NAT for two subnets that I have. I have this command:
Router(config)# access-list 101 permit tcp y.y.y.y 0.0.0.255 host x.x.x.x
Then I put the NAT outside in host x.x.x.x
Router(config)# int fa0/1
Router(config-if)# ip nat outside
Router(config)# ip nat outside source list 101 interface fa 0/1
But when I try to ping from any host in the y.y.y.y network, I can't.
Thanks for the tips.
03-04-2009 03:35 PM
Sorry, the last was...
router(config)#ip nat outside source list 101 pool (name_of_pool)
03-04-2009 03:38 PM
Are you trying to do source NAT or destination NAT?
I think you want source NAT, which is:
ip nat inside source list 101 interface fa 0/1 overload
Don't forget the overload keyword so that PAT is used.
You also need to apply the 'ip nat inside' command to the inside interface of your network for this to work.
03-04-2009 03:38 PM
David
Could you be more specific as to what you are trying to do in terms of which are the source IP addresses, which are the destination addresses etc.
Jon
03-05-2009 11:19 AM
03-05-2009 12:08 PM
David
Assuming
y.y.y.y network = 192.168.5.0/24
Interface on router that connects to y.y.y.y network = fa0/0
x.x.x.x = 172.16.15.10
Interface on router that connects to x.x.x.x = fa0/1 and its IP address is 172.16.15.1
access-list 101 permit tcp 192.168.5.0 0.0.0.255 host 172.16.15.10 eq 80
access-list 101 permit tcp 192.168.5.0 0.0.0.255 host 172.16.15.10 eq 443
int fa0/0
ip nat inside
int fa0/1
ip nat outside
ip nat inside source list 101 interface fa0/1 overload
The above config will change all the 192.168.5.x addresses to 172.16.15.1, i.e. the interface address of fa0/1.
Jon
03-05-2009 03:05 PM
David
There is another aspect of this issue. Your original post used an access list which had a statement that permitted tcp for certain source and destination. Jon's example here also uses permit tcp. That may be ok if what you really want to translate is tcp traffic. But if you do that, you cannot test it with ping, as your original post describes. Ping is not tcp traffic and therefore will not test your translation.
If you want to test with ping then I suggest that your access list should permit ip rather than permit tcp.
HTH
Rick
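Added example, not part of the thread: a small Python evaluator for the subset of extended-ACL syntax used above, showing why a ping from the 192.168.5.0/24 network never matches Jon's ACL 101 while TCP to ports 80 and 443 does. The `permit ip` line is constructed from Rick's suggestion, the test host 192.168.5.20 is a constructed sample, and all function names are hypothetical.

```python
import ipaddress

# ACL 101 as posted by Jon in the thread.
ACL_TCP = """\
access-list 101 permit tcp 192.168.5.0 0.0.0.255 host 172.16.15.10 eq 80
access-list 101 permit tcp 192.168.5.0 0.0.0.255 host 172.16.15.10 eq 443
"""
# Constructed from Rick's suggestion (permit ip); not posted verbatim in the thread.
ACL_IP = "access-list 101 permit ip 192.168.5.0 0.0.0.255 host 172.16.15.10\n"

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def take_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_acl(text):
    """Parse the subset of extended-ACL syntax that appears on this page."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        rest = t[4:]
        src, dst = take_addr(rest), take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((t[2], t[3], src, dst, port))
    return rules

def addr_match(ip, spec):
    # Wildcard bits set to 1 are "don't care" bits.
    return (to_int(ip) | spec[1]) == (spec[0] | spec[1])

def is_translated(rules, proto, src, dst, dport=None):
    """True if the packet hits a permit line, so NAT applies. First match wins."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        # An ICMP echo never matches a 'permit tcp' line; 'ip' matches any protocol.
        if (r_proto in ("ip", proto) and addr_match(src, r_src)
                and addr_match(dst, r_dst) and r_port in (None, dport)):
            return action == "permit"
    return False  # implicit deny at the end of every ACL: no translation

if __name__ == "__main__":
    print(is_translated(parse_acl(ACL_TCP), "icmp", "192.168.5.20", "172.16.15.10"))
```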