NAT/PAT unable to config correctly

Hello everyone.

So I created a simple network with 3 router, each with DHCP, VLAN, trunks ect...
Here is the config for R0NWGS
Current configuration : 2097 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R0NWGS
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool HR
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 192.168.2.5
ip dhcp pool ACC
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
 dns-server 192.168.2.5
ip dhcp pool CEO
 network 192.168.4.0 255.255.255.0
 default-router 192.168.4.1
 dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
license udi pid CISCO2911/K9 sn FTX1524F7W6
!
ip domain-name nwgs.local
!
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 50.73.7.209 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.4
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2
 ip address 70.73.7.209 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 50.0.0.0
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
ip access-list extended NAT
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip 192.168.3.0 0.0.0.255 any
 permit ip 192.168.4.0 0.0.0.255 any
 permit ip any any
!
line con 0
 password 7 082949420516
 login
!
line aux 0
 password 7 082949420516
 login
!
line vty 0 3
 login local
line vty 4
 password 7 082949420516
 login local
!
end

I have NAT/PAT enable and I can ping across to the other 2 network without any problem

When I do the same to R0MDG which has same setup as R0NWGS I can no longer ping to the 192.168.2.0 network, but can still ping to the 192.168.7.0 and 192.168.8.0 network.. Which NAT/PAT has not be config

Current configuration : 1803 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R)MDG
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp excluded-address 192.168.6.1 192.168.6.10
!
ip dhcp pool SHP
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.1
 dns-server 192.168.2.5
ip dhcp pool MARKET
 network 192.168.6.0 255.255.255.0
 default-router 192.168.6.1
 dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
license udi pid CISCO2911/K9 sn FTX15246198
!
ip domain-name MDG.local
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 60.73.7.210 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 70.73.7.210 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2.6
 encapsulation dot1Q 6
 ip address 192.168.6.1 255.255.255.0
 ip nat inside
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 70.0.0.0
 network 60.0.0.0
 network 192.168.5.0
 network 192.168.6.0
!
ip nat inside source list NAT1 interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
!
ip access-list extended NAT1
 permit ip 192.168.5.0 0.0.0.255 any
 permit ip 192.168.6.0 0.0.0.255 any
 permit ip any any
!
no cdp run
!
line con 0
 password 7 082949420516
 login
!
line aux 0
 password 7 082949420516
 login
!
line vty 0 4
 password 7 082949420516
 login local
!
end

Then if I remove PAT I can ping the 2.0 network again.

What I'm I doing wrong, cant figure it out.

Respectfully
J.Pieniro
Juan PineiroAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JustInCaseCommented:
As soon as you configure NAT you can't ping since you need to configure port forward or static NAT to be able to reach devices between NAT.
So, you are not doing anything wrong, that's how technology works.
0
Juan PineiroAuthor Commented:
Sorry a bit confused,  

I have EIGRP config on all the routers.
So you are saying that I still need a static NAT even if I have EIGRP?

So to fix this i need to create a one to one Static NAT from router to router?
0
JustInCaseCommented:
You can use tunnels (typically this is used to go around your the problem).
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Juan PineiroAuthor Commented:
So if I'm just going out from network out to internet I would just do a normal nat/pat.

In this setup it's the router to router that is causing the problem, correct.

I'll try doing the one to one static Nat on each interface.
0
JustInCaseCommented:
Problem is that NAT is allowing exit out of the network, but not easy entrance into network.
Tunnels are way much more better solution for what you are trying to achieve. For more that 2 routers DMVPN is recommended solution for Cisco devices.
0
Juan PineiroAuthor Commented:
Thank you for your help
0
JustInCaseCommented:
You're welcome.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.