2 Replies Latest reply: Jun 17, 2018 11:17 PM by Marcus RSS

    Problem with NAT

    Marcus

      Hi!

       

      I'm having trouble with getting NAT communication in a very simple packet tracer network to work.

      This is the topology:

      nat1.png

      I have nat running on both routers. The problem is that I can't ping between the two PC's.

      The PC in the bottom has IP adress 192.168.1.10 and the one at the top has 192.168.2.20. I can ping the PCs from both routers, and I can ping both routers from both PCs.

      When I try to ping between the PCs according to the Simulation Panel the package reaches the other PC, but on the way back it stops at the router closest to the originator PC, send out an ARP request for a different IP than the one the PC has.

       

      Here's the PDU:

       

      nat2.png

      So even though the originator adress is 192.168.1.10 the destination in the PDU is 192.168.1.2. The only connection I can make to that adress is that that is the first adress in the nat pool.

       

      And here is the configs for the routers:

       

      Router 5:

       

      Current configuration : 997 bytes

      !

      version 15.1

      no service timestamps log datetime msec

      no service timestamps debug datetime msec

      no service password-encryption

      !

      hostname Router

      !

      !

      !

      !

      !

      !

      !

      !

      ip cef

      no ipv6 cef

      !

      !

      !

      !

      license udi pid CISCO2911/K9 sn FTX1524OA3N

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      spanning-tree mode pvst

      !

      !

      !

      !

      !

      !

      interface GigabitEthernet0/0

      ip address 8.8.8.9 255.0.0.0

      ip nat outside

      duplex auto

      speed auto

      !

      interface GigabitEthernet0/1

      no ip address

      duplex auto

      speed auto

      !

      interface GigabitEthernet0/1.10

      encapsulation dot1Q 10

      ip address 192.168.2.1 255.255.255.0

      ip nat inside

      !

      interface GigabitEthernet0/2

      no ip address

      duplex auto

      speed auto

      shutdown

      !

      interface Vlan1

      no ip address

      shutdown

      !

      ip nat pool nat 192.168.2.2 192.168.2.254 netmask 255.255.255.0

      ip nat inside source list 1 pool nat overload

      ip classless

      ip route 0.0.0.0 0.0.0.0 8.8.8.8

      !

      ip flow-export version 9

      !

      !

      access-list 1 permit 192.168.2.0 0.0.0.255

      !

      !

      !

      !

      !

      line con 0

      !

      line aux 0

      !

      line vty 0 4

      login

      !

      !

      !

      end

       

      Router 6:

       

      Current configuration : 1024 bytes

      !

      version 15.1

      no service timestamps log datetime msec

      no service timestamps debug datetime msec

      no service password-encryption

      !

      hostname Router

      !

      !

      !

      !

      !

      !

      !

      !

      ip cef

      no ipv6 cef

      !

      !

      !

      !

      license udi pid CISCO2911/K9 sn FTX15240SMD

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      !

      spanning-tree mode pvst

      !

      !

      !

      !

      !

      !

      interface GigabitEthernet0/0

      ip address 8.8.8.8 255.0.0.0

      ip nat outside

      duplex auto

      speed auto

      !

      interface GigabitEthernet0/1

      no ip address

      duplex auto

      speed auto

      !

      interface GigabitEthernet0/1.10

      encapsulation dot1Q 10

      ip address 192.168.1.1 255.255.255.0

      ip nat inside

      !

      interface GigabitEthernet0/2

      no ip address

      duplex auto

      speed auto

      shutdown

      !

      interface Vlan1

      no ip address

      shutdown

      !

      ip nat pool nat1 192.168.1.2 192.168.1.254 netmask 255.255.255.0

      ip nat inside source list 1 pool nat1 overload

      ip classless

      ip route 0.0.0.0 0.0.0.0 8.8.8.9

      !

      ip flow-export version 9

      !

      !

      access-list 1 permit 192.168.1.0 0.0.0.255

      access-list 2 permit any

      !

      !

      !

      !

      !

      line con 0

      !

      line aux 0

      !

      line vty 0 4

      login

      !

      !

      !

      end

       

      Thanks in advance!
      Best wishes,

      Marcus Jehrlander