troubleshooting Question

NAT/PAT unable to config correctly

Avatar of Juan Pineiro
Juan PineiroFlag for United States of America asked on
CiscoNetwork OperationsRouters
7 Comments1 Solution261 ViewsLast Modified:
Hello everyone.

So I created a simple network with 3 router, each with DHCP, VLAN, trunks ect...
Here is the config for R0NWGS
Current configuration : 2097 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R0NWGS
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool HR
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 192.168.2.5
ip dhcp pool ACC
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
 dns-server 192.168.2.5
ip dhcp pool CEO
 network 192.168.4.0 255.255.255.0
 default-router 192.168.4.1
 dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
license udi pid CISCO2911/K9 sn FTX1524F7W6
!
ip domain-name nwgs.local
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 50.73.7.209 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.4
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2
 ip address 70.73.7.209 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 50.0.0.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
ip access-list extended NAT
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip 192.168.3.0 0.0.0.255 any
 permit ip 192.168.4.0 0.0.0.255 any
 permit ip any any
!
line con 0
 password 7 082949420516
 login
!
line aux 0
 password 7 082949420516
 login
!
line vty 0 3
 login local
line vty 4
 password 7 082949420516
 login local
!
end

I have NAT/PAT enable and I can ping across to the other 2 network without any problem

When I do the same to R0MDG which has same setup as R0NWGS I can no longer ping to the 192.168.2.0 network, but can still ping to the 192.168.7.0 and 192.168.8.0 network.. Which NAT/PAT has not be config

Current configuration : 1803 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R)MDG
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp excluded-address 192.168.6.1 192.168.6.10
!
ip dhcp pool SHP
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.1
 dns-server 192.168.2.5
ip dhcp pool MARKET
 network 192.168.6.0 255.255.255.0
 default-router 192.168.6.1
 dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
license udi pid CISCO2911/K9 sn FTX15246198
!
ip domain-name MDG.local
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 60.73.7.210 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 70.73.7.210 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2.6
 encapsulation dot1Q 6
 ip address 192.168.6.1 255.255.255.0
 ip nat inside
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 70.0.0.0
 network 60.0.0.0
 network 192.168.5.0
 network 192.168.6.0
!
ip nat inside source list NAT1 interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
!
ip access-list extended NAT1
 permit ip 192.168.5.0 0.0.0.255 any
 permit ip 192.168.6.0 0.0.0.255 any
 permit ip any any
!
no cdp run
!
line con 0
 password 7 082949420516
 login
!
line aux 0
 password 7 082949420516
 login
!
line vty 0 4
 password 7 082949420516
 login local
!
end

Then if I remove PAT I can ping the 2.0 network again.

What I'm I doing wrong, cant figure it out.

Respectfully
J.Pieniro
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 7 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros