InterVLAN and Static NAT

 
 
Nyerere
      12-02-2008
I have configured two clients on a Cisco 1841 router and Cisco
Catalyst 2960 Switch using InterVLAN and static NAT. The problem is
that from Client 2 Server I cannot access the internet whereas I can
from Client 1 Server. Client 1 Server is acting as a DNS server for
the entire network. But if I remove the Client 2 Server static NAT
both Servers can go through to the internet.

My configurations are as follows:

2960 Switch:

no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/7
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 20
!
interface FastEthernet0/24
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.1.3 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1


Cisco 1841 Router:
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $FW_INSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/0.10
 description $ Client 1 $
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.20
 description $ Client 2 $
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0.100
 description Management NATIVE VLAN
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description $ User Access Network $
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface Serial0/0/0
 description Link to the Internet
 bandwidth 512
 ip address 196.X.X.98 255.255.255.252
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 196.X.X.97
!
ip nat inside source list 10 interface Serial0/0/0 overload
ip nat inside source static 192.168.10.2 196.1X.X.35 (Client 1 Mail Server, using 192.168.10.1 as gateway)
ip nat inside source static 192.168.20.2 196.2X.X.18 (Client 2 Mail Server, using 192.168.20.1 as gateway)
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255
!

 
bod43
      12-02-2008
On 2 Dec, 10:21, Nyerere <(E-Mail Removed)> wrote:
> I have configured two clients on a Cisco 1841 router and Cisco
> Catalyst 2960 Switch using InterVLAN and static NAT. The problem is
> that from Client 2 Server I cannot access the internet whereas I can
> from Client 1 Server. Client 1 Server is acting as a DNS server for
> the entire network. But if I remove the Client 2 Server static NAT
> both Servers can go through to the internet.
>
> My configurations are as follows:


Thanks for the well described problem and decent
initial data - something to work with.

The one thing that looks awry is that you will be NATting
the traffic between the two servers when they are doing DNS.

You need to change the NAT list to an extended ACL
and exclude 192.168.10.x <--> 192.168.20.x traffic.

Ah no - they are both ip NAT inside and so that
should not be the case.
Hmmm.

I would have a look at "sh ip nat tr" to check that
you were not getting some strange NAT going on
anyway.

There is a new NAT scheme (single interface NAT -
let me call it) available now so maybe the router is
confused.

When you say "from Client 2 Server I cannot access
the internet" I assume you mean browse the web.
The only possible flaw in your initial description
is that you could have tested with a numeric traceroute
and/or ping and posted the results. This would have allowed
readers to determine if it was likely a DNS problem or
a basic communications problem.

So:-
Ping between the two servers to see if they can communicate.
Determine if IP communications is working to the internet
with ping and/or traceroute (tracert on Windows).
Determine if DNS is working on Client 2.
Post software version of router.
Look at - sh ip nat tr after you have seen failure.
debug ip nat is very good as long as you can isolate the
traffic - i.e. there is not too much.

Report on above if you need further assistance.
 
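The "sh ip nat tr" check suggested in the reply above, as an added example that is not part of the original thread: a Python parser for the translation table that flags any entry where both ends are inside hosts (the 192.168.10.x <--> 192.168.20.x case) and lists which public address each server is translated to. The sample output is constructed, and the public addresses are documentation-range placeholders, not the poster's masked addresses.

```python
import ipaddress

# Constructed sample of "show ip nat translations" output (placeholder
# public addresses; one inter-VLAN DNS entry included so the check fires).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 203.0.113.35       192.168.10.2       ---                ---
--- 198.51.100.18      192.168.20.2       ---                ---
tcp 203.0.113.35:1042  192.168.10.2:1042  192.0.2.80:80      192.0.2.80:80
udp 198.51.100.18:1030 192.168.20.2:1030  192.168.10.2:53    192.168.10.2:53
tcp 198.51.100.18:1044 192.168.20.2:1044  192.0.2.80:80      192.0.2.80:80
"""

# Inside subnets taken from the router config posted in the thread.
INSIDE_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.1.0/24", "192.168.2.0/24", "192.168.10.0/24", "192.168.20.0/24")]


def _addr(field):
    """Return the IP part of 'a.b.c.d[:port]', or None for '---'."""
    return None if field == "---" else ipaddress.ip_address(field.split(":")[0])


def parse_translations(text):
    """Parse the table into dicts; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue
        rows.append({"proto": parts[0],
                     "inside_global": _addr(parts[1]),
                     "inside_local": _addr(parts[2]),
                     "outside_global": _addr(parts[4]),
                     "raw": line.strip()})
    return rows


def is_inside(addr):
    return addr is not None and any(addr in net for net in INSIDE_NETS)


def intervlan_nat(rows):
    """Entries where both ends are inside hosts yet a translation exists."""
    return [r for r in rows
            if is_inside(r["inside_local"]) and is_inside(r["outside_global"])]


def globals_used(rows, host):
    """Public source addresses a given inside host is translated to."""
    host = ipaddress.ip_address(host)
    return {str(r["inside_global"]) for r in rows if r["inside_local"] == host}
```

An empty result from `intervlan_nat` on real output means server-to-server traffic is not being translated, which is what having every LAN interface marked `ip nat inside` should give.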
 
 
 
 
pnorten462
      12-08-2008
Thank you for giving this useful information. I will try this.
 