Juan Pineiro
asked on
Config NAT/PAT while having sub interface config on router.
Hello,
I have a question that I can't seem to figure out.
I know how to setup NAT/PAT and to test it out enable NAT ( debug ip nat ) and it turns on, then up do a ping and you can see NAT working.
So now I created sub interface on the router
int g0/1 no shut
int g0/1.3
encap dot1q 3
ip address 192.168.3.1 255.255.255.0
int g0/1 no shut
int g0/1.4
encap dot1q 4
ip address 192.168.4.1 255.255.255.0
The above sub interface are for vlan 3 and vlan4 .
I create a dchp pool for each vlan with setting
on switch I create the vlans 3 and 4
assign ports to the vans
create trunk on f0/24 to rotuer.
it all works correctly
after I do the NAT/PAT as follows
int g0/0
ip nat outside
exit
int g0/1
ip nat inside
exit
ip access-list nwgs permit 192.168.1.1 0.0.0.255
ip nat sinde source list nwgs int g0/0 overload
debug i nat
all the commands are accepted without any problems....
the problem is when I run a ping I dont see the NAT output
so I think that my problem is in the access-list permit area, but I have tried the following with out being able to get it working
access-list nwgs permit 192.168.1.1 0.0.0.255
access-list nwgs permit 192.168.3.1 0.0.0.255
access-list nwgs permit 192.168.4.1 0.0.0.255
access-list nwgs permit 192.168.5.1 0.0.0.255
I still can't get it to work.
Any help with be very Welcome...
I have a question that I can't seem to figure out.
I know how to setup NAT/PAT and to test it out enable NAT ( debug ip nat ) and it turns on, then up do a ping and you can see NAT working.
So now I created sub interface on the router
int g0/1 no shut
int g0/1.3
encap dot1q 3
ip address 192.168.3.1 255.255.255.0
int g0/1 no shut
int g0/1.4
encap dot1q 4
ip address 192.168.4.1 255.255.255.0
The above sub interface are for vlan 3 and vlan4 .
I create a dchp pool for each vlan with setting
on switch I create the vlans 3 and 4
assign ports to the vans
create trunk on f0/24 to rotuer.
it all works correctly
after I do the NAT/PAT as follows
int g0/0
ip nat outside
exit
int g0/1
ip nat inside
exit
ip access-list nwgs permit 192.168.1.1 0.0.0.255
ip nat sinde source list nwgs int g0/0 overload
debug i nat
all the commands are accepted without any problems....
the problem is when I run a ping I dont see the NAT output
so I think that my problem is in the access-list permit area, but I have tried the following with out being able to get it working
access-list nwgs permit 192.168.1.1 0.0.0.255
access-list nwgs permit 192.168.3.1 0.0.0.255
access-list nwgs permit 192.168.4.1 0.0.0.255
access-list nwgs permit 192.168.5.1 0.0.0.255
I still can't get it to work.
Any help with be very Welcome...
remove nat commands from interfaces and do the "nat inside" "nat outside" under sub-interfaces
ASKER
Sorry,
Not exactly show how to do it, would you please write it out for me????
Thank you for your time.
Not exactly show how to do it, would you please write it out for me????
Thank you for your time.
Type this:
let me know if it works.
int g0/1
no ip nat inside
exit
int g0/1.3
ip nat inside
exit
int g0/1.4
ip nat inside
exit
exit
clear ip nat translation
let me know if it works.
ASKER
Sorry to bug you again, I did as you showed me ( thank you very much ).
But not sure what to do after with the permit ip ( part ) any
I attached a snap shoot.
Can you please explain what I'm doing wrong and how to fix it?
Than you...
NAT_PAT.PNG
But not sure what to do after with the permit ip ( part ) any
I attached a snap shoot.
Can you please explain what I'm doing wrong and how to fix it?
Than you...
NAT_PAT.PNG
your wings access list look OK. did you try if you can see the nat translations after your modification?
your nwgs** <sorry>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was able to get it working.
due to having sub interfaces I needed to do an ACL for each interface (example)
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.6.0 0.0.0.255 any
once i did that everything started to work.
Thank you for you help.
due to having sub interfaces I needed to do an ACL for each interface (example)
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.6.0 0.0.0.255 any
once i did that everything started to work.
Thank you for you help.