Hello everyone.
So I created a simple network with 3 router, each with DHCP, VLAN, trunks ect...
Here is the config for R0NWGS
Current configuration : 2097 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R0NWGS
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool HR
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.5
ip dhcp pool ACC
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.2.5
ip dhcp pool CEO
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
license udi pid CISCO2911/K9 sn FTX1524F7W6
!
ip domain-name nwgs.local
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 50.73.7.209 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/2
ip address 70.73.7.209 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
network 50.0.0.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
ip access-list extended NAT
permit ip 192.168.2.0 0.0.0.255 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip any any
!
line con 0
password 7 082949420516
login
!
line aux 0
password 7 082949420516
login
!
line vty 0 3
login local
line vty 4
password 7 082949420516
login local
!
end
I have NAT/PAT enable and I can ping across to the other 2 network without any problem
When I do the same to R0MDG which has same setup as R0NWGS I can no longer ping to the 192.168.2.0 network, but can still ping to the 192.168.7.0 and 192.168.8.0 network.. Which NAT/PAT has not be config
Current configuration : 1803 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R)MDG
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp excluded-address 192.168.6.1 192.168.6.10
!
ip dhcp pool SHP
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 192.168.2.5
ip dhcp pool MARKET
network 192.168.6.0 255.255.255.0
default-router 192.168.6.1
dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
license udi pid CISCO2911/K9 sn FTX15246198
!
ip domain-name MDG.local
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 60.73.7.210 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 70.73.7.210 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.5
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/2.6
encapsulation dot1Q 6
ip address 192.168.6.1 255.255.255.0
ip nat inside
!
interface Vlan1
no ip address
shutdown
!
router eigrp 100
network 70.0.0.0
network 60.0.0.0
network 192.168.5.0
network 192.168.6.0
!
ip nat inside source list NAT1 interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
!
ip access-list extended NAT1
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.6.0 0.0.0.255 any
permit ip any any
!
no cdp run
!
line con 0
password 7 082949420516
login
!
line aux 0
password 7 082949420516
login
!
line vty 0 4
password 7 082949420516
login local
!
end
Then if I remove PAT I can ping the 2.0 network again.
What I'm I doing wrong, cant figure it out.
Respectfully
J.Pieniro
So, you are not doing anything wrong, that's how technology works.