troubleshooting Question
NAT/PAT unable to config correctly
asked on
Hello everyone.
So I created a simple network with 3 router, each with DHCP, VLAN, trunks ect...
Here is the config for R0NWGS
Current configuration : 2097 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R0NWGS
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool HR
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.5
ip dhcp pool ACC
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.2.5
ip dhcp pool CEO
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
license udi pid CISCO2911/K9 sn FTX1524F7W6
!
ip domain-name nwgs.local
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 50.73.7.209 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/2
ip address 70.73.7.209 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
network 50.0.0.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
ip access-list extended NAT
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip any any
!
line con 0
password 7 082949420516
login
!
line aux 0
password 7 082949420516
login
!
line vty 0 3
login local
line vty 4
password 7 082949420516
login local
!
end
I have NAT/PAT enable and I can ping across to the other 2 network without any problem
When I do the same to R0MDG which has same setup as R0NWGS I can no longer ping to the 192.168.2.0 network, but can still ping to the 192.168.7.0 and 192.168.8.0 network.. Which NAT/PAT has not be config
Current configuration : 1803 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R)MDG
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp excluded-address 192.168.6.1 192.168.6.10
!
ip dhcp pool SHP
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 192.168.2.5
ip dhcp pool MARKET
network 192.168.6.0 255.255.255.0
default-router 192.168.6.1
dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
license udi pid CISCO2911/K9 sn FTX15246198
!
ip domain-name MDG.local
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 60.73.7.210 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 70.73.7.210 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.5
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/2.6
encapsulation dot1Q 6
ip address 192.168.6.1 255.255.255.0
ip nat inside
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
network 70.0.0.0
network 60.0.0.0
network 192.168.5.0
network 192.168.6.0
!
ip nat inside source list NAT1 interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
!
ip access-list extended NAT1
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip any any
!
no cdp run
!
line con 0
password 7 082949420516
login
!
line aux 0
password 7 082949420516
login
!
line vty 0 4
password 7 082949420516
login local
!
end
Then if I remove PAT I can ping the 2.0 network again.
What I'm I doing wrong, cant figure it out.
Respectfully
J.Pieniro
So I created a simple network with 3 router, each with DHCP, VLAN, trunks ect...
Here is the config for R0NWGS
Current configuration : 2097 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R0NWGS
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool HR
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.5
ip dhcp pool ACC
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.2.5
ip dhcp pool CEO
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
license udi pid CISCO2911/K9 sn FTX1524F7W6
!
ip domain-name nwgs.local
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 50.73.7.209 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/2
ip address 70.73.7.209 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
network 50.0.0.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
ip access-list extended NAT
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip any any
!
line con 0
password 7 082949420516
login
!
line aux 0
password 7 082949420516
login
!
line vty 0 3
login local
line vty 4
password 7 082949420516
login local
!
end
I have NAT/PAT enable and I can ping across to the other 2 network without any problem
When I do the same to R0MDG which has same setup as R0NWGS I can no longer ping to the 192.168.2.0 network, but can still ping to the 192.168.7.0 and 192.168.8.0 network.. Which NAT/PAT has not be config
Current configuration : 1803 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R)MDG
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp excluded-address 192.168.6.1 192.168.6.10
!
ip dhcp pool SHP
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 192.168.2.5
ip dhcp pool MARKET
network 192.168.6.0 255.255.255.0
default-router 192.168.6.1
dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUg
!
license udi pid CISCO2911/K9 sn FTX15246198
!
ip domain-name MDG.local
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 60.73.7.210 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 70.73.7.210 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.5
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/2.6
encapsulation dot1Q 6
ip address 192.168.6.1 255.255.255.0
ip nat inside
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
network 70.0.0.0
network 60.0.0.0
network 192.168.5.0
network 192.168.6.0
!
ip nat inside source list NAT1 interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
!
ip access-list extended NAT1
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip any any
!
no cdp run
!
line con 0
password 7 082949420516
login
!
line aux 0
password 7 082949420516
login
!
line vty 0 4
password 7 082949420516
login local
!
end
Then if I remove PAT I can ping the 2.0 network again.
What I'm I doing wrong, cant figure it out.
Respectfully
J.Pieniro
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.