The thing is, NAT works

shoaib sheikh · ‎09-28-2015

Hello All,

I have done NAT config on the switch but it is not working. If anyone could be of help.

interface Vlan25
ip address 10.18.95.126 255.255.255.224
ip nat outside
end

interface Vlan2
ip address 192.168.1.1 255.255.255.248
ip nat inside

show run | sec access-list 101
access-list 101 permit ip 192.168.1.0 0.0.0.7 any
access-list 101 permit icmp 192.168.1.0 0.0.0.7 any

ip nat inside source list 101 interface Vlan25 overload

ping 10.18.96.55 source vlan 25
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.96.55, timeout is 2 seconds:
Packet sent with a source address of 10.18.95.126
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

ping 10.18.96.55 source vlan 2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.96.55, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.....
Success rate is 0 percent (0/5)

The reason I have to do nat is because I do not have reverse route for 192 network.

dasiimwe · ‎09-28-2015

enable 'ip routing' on the switch. can you share 'show ip route'?

shoaib sheikh · ‎09-29-2015

routing is already enabled.

Jon Marshall · ‎09-29-2015

What is the model of the switch ?

Jon

Sergey Lazarev · ‎09-29-2015

The only switch which support NAT is 6500. If you use 3750 or something like that, then you may be better off looking to a low end router to do the NAT.

shoaib sheikh · ‎09-29-2015

Hello Sergey,

This is 6506 E in VSS.

Thanks

Sergey Lazarev · ‎09-29-2015

The thing is, NAT works between interfaces, so did you try to send ping from any host connected to network 192.168.1.0? (not from switch)

shoaib sheikh · ‎09-29-2015

Hi Sergey,

I already did it during initial troubleshooting. I initiated ping from host in vlan 2 but that was also not working.

Jon Marshall · ‎09-30-2015

Can you ping from a client and then see what "sh ip nat translations" is showing.

Jon

shoaib sheikh · ‎09-29-2015

Hello Jon,

This is 6506 E in VSS.

Thanks

Ricardo Ochoa · ‎09-28-2015

Hi,

Can you share the next commands, i supuse in the first ping it wasnt applying NAT at all...

Show ip route

show ip nat translations

paul driver · ‎09-29-2015

Hello

can you confirm if your subnet addressing is correct for vlan 25 on either side of my your wan connection

Vlan 25 is in an different network then the prefix you are pinging

Can you post output of routing table as suggested by others

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Problem with NAT configuration