cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
744
Views
0
Helpful
7
Replies

Multiple NAT

edw
Level 1
Level 1

Hi,

I have a 2800 router with seven interfaces. I have one which is outside interface. I have another which is inside to my internal network. I have one more at present which is setup on vlan for public events. IE I keep them seperate. I can get Nat working from inside to outside. I can ping from internal network to public vlan and back.

But I can't figure out how to get NAT running for the public vlan.

!

interface FastEthernet0/0

description OUTSIDE

ip address 210.30.180.x 255.255.255.248

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

description INSIDE

ip address 192.168.1.195 255.255.255.0

ip nat inside

duplex full

speed auto

!

interface Vlan10

ip address 10.10.10.1 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 210.30.180.x permanent

!

interface FastEthernet0/0/3

switchport access vlan 10

ip nat pool IntOut 210.30.180.x 210.30.180.x netmask 255.255.255.0

ip nat pool Public 210.30.180.x 210.30.180.x netmask 255.255.255.0

ip nat inside source list 150 pool IntOut overload

ip nat inside source list 151 pool Public overload

access-list 150 permit ip 192.168.1.0 0.0.0.255 any

access-list 151 permit ip 10.10.10.0 0.0.0.255 any

Any pointers or ideas????

Thanks

Ed

7 Replies 7

lgijssel
Level 9
Level 9

Try to add "ip nat inside" to your interface vlan 10.

Regards,

Leo

yep already done this - still no joy ;(

1: Already tried using standard acl's to specify nat sources?

2: Check the mask on the pool statements: shouldn't this be 255.255.255.255 instead?

Regards,

Leo

Okay - I tired the 255.255.255.255 route but no joy - plus the 255.255.255.0 is working for the inside to outside interfaces fine.

I could try standard acl but the thing is the same nat setup is working for the inside to outside interfaces - so Im thinking there is something different I have to do to a vlan interface...

Okay - I tired the 255.255.255.255 route but no joy - plus the 255.255.255.0 is working for the inside to outside interfaces fine.

I could try standard acl but the thing is the same nat setup is working for the inside to outside interfaces - so Im thinking there is something different I have to do to a vlan interface...

VLAN interfaces are not special. This case appearently requires some troubleshooting. Check for example what happens when you disable nat on the working interface.

Also, it should undoubtedly work when you are using a single translation for both interfaces. This requires merging both access lists and appply nat to it.

BTW: what platform and IOS version are you using for this?

Regards,

Leo

Hi,

Okay that makes sense, I thought so just wanted to double check. Its 2811 with IOS 12.4T.

Ill give it some more thought now I know Im on the right foot.