InterVLAN and Static NAT

Discussion in 'Cisco' started by Nyerere, Dec 2, 2008.

  1. Nyerere

    Nyerere Guest

    I have configured two clients on a Cisco 1841 router and Cisco
    Catalyst 2960 Switch using InterVLAN and static NAT. The problem is
    that from Client 2 Server I cannot access the internet whereas I can
    from Client 1 Server. Client 1 Server is acting as a DNS server for
    the entire network. But if I remove the Client 2 Server static NAT
    both Servers can go through to the internet.

    My configurations are as follows:

    2960 Switch:

    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    interface FastEthernet0/7
     switchport access vlan 10
     spanning-tree portfast
    !
    interface FastEthernet0/13
     switchport access vlan 20
    !
    interface FastEthernet0/24
     switchport mode trunk
    !
    interface Vlan1
     ip address 192.168.1.3 255.255.255.0
     no ip route-cache
    !
    ip default-gateway 192.168.1.1


    Cisco 1841 Router:
    !
    interface Null0
     no ip unreachables
    !
    interface FastEthernet0/0
     description $FW_INSIDE$
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nbar protocol-discovery
     ip nat inside
     ip virtual-reassembly
     ip route-cache flow
     duplex auto
     speed auto
     no mop enabled
    !
    interface FastEthernet0/0.10
     description $ Client 1 $
     encapsulation dot1Q 10
     ip address 192.168.10.1 255.255.255.0
     ip nat inside
    !
    interface FastEthernet0/0.20
     description $ Client 2 $
     encapsulation dot1Q 20
     ip address 192.168.20.1 255.255.255.0
     ip nat inside
    !
    interface FastEthernet0/0.100
     description Management NATIVE VLAN
     encapsulation dot1Q 1 native
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
    !
    interface FastEthernet0/1
     description $ User Access Network $
     ip address 192.168.2.1 255.255.255.0
     ip nat inside
    !
    interface Serial0/0/0
     description Link to the Internet
     bandwidth 512
     ip address 196.X.X.98 255.255.255.252
     ip nat outside
    !
    ip route 0.0.0.0 0.0.0.0 196.X.X.97
    !
    ip nat inside source list 10 interface Serial0/0/0 overload
    ip nat inside source static 192.168.10.2 196.1X.X.35 (Client 1 Mail Server, using 192.168.10.1 as gateway)
    ip nat inside source static 192.168.20.2 196.2X.X.18 (Client 2 Mail Server, using 192.168.20.1 as gateway)
    !
    access-list 10 permit 192.168.1.0 0.0.0.255
    access-list 10 permit 192.168.2.0 0.0.0.255
    access-list 10 permit 192.168.10.0 0.0.0.255
    access-list 10 permit 192.168.20.0 0.0.0.255
    !
     
    Nyerere, Dec 2, 2008
    #1

  2. Nyerere

    bod43 Guest

    On 2 Dec, 10:21, Nyerere <> wrote:
    > I have configured two clients on a Cisco 1841 router and Cisco
    > Catalyst 2960 Switch using InterVLAN and static NAT. The problem is
    > that from Client 2 Server I cannot access the internet whereas I can
    > from Client 1 Server. Client 1 Server is acting as a DNS server for
    > the entire network. But if I remove the Client 2 Server static NAT
    > both Servers can go through to the internet.
    >
    > My configurations are as follows:


    Thanks for the well described problem and decent
    initial data - something to work with.

    The one thing that looks awry is that you will be NATting
    the traffic between the two servers when they are doing DNS.

    You need to change the NAT list to an extended ACL
    and exclude 192.168.10.x <--> 192.168.20.x traffic.

    Ah no - they are both ip NAT inside and so that
    should not be the case.
    Hmmm.

    I would have a look at "sh ip nat tr" to check that
    you were not getting some strange NAT going on
    anyway.

    There is a new NAT scheme (single interface NAT -
    let me call it) available now so maybe the router is
    confused.

    When you say "from Client 2 Server I cannot access
    the internet" I assume you mean browse the web.
    The only possible flaw in your initial description
    is that you could have tested with a numeric traceroute
    and/or ping and posted the results. This would have allowed
    readers to determine if it was likely a DNS problem or
    a basic communications problem.

    So:-
    Ping between the two servers to see if they can communicate.
    Determine if IP communications is working to the internet
    with ping and/or traceroute (tracert on Windows).
    Determine if DNS is working on Client 2.
    Post software version of router.
    Look at - sh ip nat tr after you have seen failure
    debug ip nat is very good as long as you can isolate the
    traffic - i.e. there is not too much.

    Report on above if you need further assistance.
     
    bod43, Dec 2, 2008
    #2
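
The reply above suggests checking "sh ip nat tr" for unexpected translations, in particular traffic between the two server VLANs being NATted. As an added example (not part of any post in this thread), this Python script parses that output, lists the static mappings, and flags inside-to-inside flows that were translated. The sample table and its public addresses (documentation ranges standing in for the masked ones) are constructed, and the function names are hypothetical.

```python
import ipaddress

# Inside subnets taken from the router sub-interfaces in the post.
INSIDE_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.1.0/24", "192.168.2.0/24", "192.168.10.0/24", "192.168.20.0/24")]

# Constructed sample of "show ip nat translations"; the public addresses are
# documentation-range placeholders because the post masks the real ones.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 198.51.100.35      192.168.10.2       ---                ---
--- 203.0.113.18       192.168.20.2       ---                ---
udp 203.0.113.18:1025  192.168.20.2:1025  192.168.10.2:53    192.168.10.2:53
tcp 198.51.100.35:3310 192.168.10.2:3310  192.0.2.200:80     192.0.2.200:80
tcp 192.0.2.98:1044    192.168.2.15:1044  192.0.2.200:80     192.0.2.200:80
"""

def _ip(field):
    """Return the address part of 'a.b.c.d[:port]', or None for '---'."""
    return None if field == "---" else ipaddress.ip_address(field.split(":")[0])

def parse(text):
    """Yield one dict per translation entry, skipping the header line."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] == "Pro":
            continue
        yield {"proto": cols[0], "inside_global": _ip(cols[1]),
               "inside_local": _ip(cols[2]), "outside_global": _ip(cols[4]),
               "raw": line}

def is_inside(addr):
    return addr is not None and any(addr in net for net in INSIDE_NETS)

def review(text):
    """Return (static map, inter-VLAN flows that were translated)."""
    static, translated_internal = {}, []
    for e in parse(text):
        if e["proto"] == "---":          # simple entry created by a static rule
            static[str(e["inside_local"])] = str(e["inside_global"])
        elif is_inside(e["outside_global"]):
            translated_internal.append(e["raw"])
    return static, translated_internal

if __name__ == "__main__":
    static, bad = review(SAMPLE)
    print("static mappings:", static)
    for line in bad:
        print("inside-to-inside flow was NATted:", line)
```
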

  3. Nyerere

    pnorten462

    RE : InterVLAN and Static NAT

    Thank you for giving this useful information. I will try this.
     
    pnorten462, Dec 8, 2008
    #3
