stanhubble
MIS
Q. is there a problem or restriction on overload nat'ing a 10.x.x.x address?
i have 6 vlans defined 10.10.10.x/24 10.99.[1-5].x/24, and the router is .1 on each of them, but for the purpose of this question i'm just concerned with the first one.
int fa 0 is the gateway to 10.5.11.x/24 with an ip of 10.5.11.4/24 that i am trying to overload.
an upstream gateway to the internet is at 10.5.11.1/24.
from a ssh session on the router i can ping something on the internet (eg 4.2.2.2) and everything on vlan 1.
if i just set up the overload on fa 0 then only the router can get out but nothing else from vlan 1.
if i set a static nat for a device on vlan 1 then it works for that device?????
ip route 0.0.0.0 0.0.0.0 10.5.11.1 permanent
ip nat pool pool511 10.5.11.4 10.5.11.4 prefix-length 24
ip nat inside source list 7 pool pool511 overload
!
ip nat inside source static 10.10.10.51 10.5.11.7
ip nat inside source static 10.10.10.44 10.5.11.8
!
access-list 7 permit any
access-list 105 permit ip any any
access-list 105 permit udp any any
access-list 105 permit tcp any any
access-list 105 permit icmp any any
access-list 105 permit gre any any
interface FastEthernet0
 ip address 10.5.11.4 255.255.255.0
 ip access-group 105 in
 ip access-group 105 out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet9
 description trunk to switch
 switchport mode trunk
 vlan-range dot1q 1 8
 exit-vlan-config
 !
!
interface Vlan1
 description $ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 ip access-group 105 in
 ip access-group 105 out
 ip nat inside
 ip virtual-reassembly
!
info - 1811 router with ios 12.4(6)T7 C181X-ADVIPSERVICESK9-M
i can post the whole config if needed ....thx
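
An added example, not part of the original post and not a diagnosis of the problem: a small Python check over the NAT and ACL lines quoted above. It reports three facts visible in the text: the NAT source list is `permit any`, ACL 105 opens with `permit ip any any` (so it filters nothing and its later entries can never match), and the overload pool's only address is FastEthernet0's own. The function name `audit` and the finding codes are made up for this example.

```python
import ipaddress
import re

# Constructed input: NAT and ACL lines copied from the post above.
CONFIG = """\
ip nat pool pool511 10.5.11.4 10.5.11.4 prefix-length 24
ip nat inside source list 7 pool pool511 overload
access-list 7 permit any
access-list 105 permit ip any any
access-list 105 permit udp any any
access-list 105 permit tcp any any
access-list 105 permit icmp any any
access-list 105 permit gre any any
interface FastEthernet0
 ip address 10.5.11.4 255.255.255.0
 ip access-group 105 in
 ip nat outside
interface Vlan1
 ip address 10.10.10.1 255.255.255.0
 ip access-group 105 in
 ip nat inside
"""

def audit(config):
    """Return (code, detail) findings; facts about the text, not a diagnosis."""
    findings, acls = [], {}
    for num, body in re.findall(r"^access-list (\d+) (.+)$", config, re.M):
        acls.setdefault(num, []).append(body.strip())
    # 1. ACL used to select NAT sources matches every source address.
    for num in re.findall(r"^ip nat inside source list (\d+) ", config, re.M):
        if "permit any" in acls.get(num, []):
            findings.append(("NAT_ACL_PERMIT_ANY", num))
    # 2. Interface ACL that opens with a catch-all filters nothing, and
    #    every entry after the catch-all can never be matched.
    for num in sorted(set(re.findall(r"ip access-group (\d+) ", config))):
        entries = acls.get(num, [])
        if "permit ip any any" in entries:
            cut = entries.index("permit ip any any")
            if cut == 0:
                findings.append(("ACL_PERMITS_ALL", num))
            findings += [("ACL_ENTRY_SHADOWED", f"{num}: {e}") for e in entries[cut + 1:]]
    # 3. Overload pool whose range includes an interface's own address.
    ifaddrs = [ipaddress.ip_address(a) for a in
               re.findall(r"^\s+ip address (\S+) \S+$", config, re.M)]
    for name, lo, hi in re.findall(r"^ip nat pool (\S+) (\S+) (\S+) ", config, re.M):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        findings += [("NAT_POOL_HAS_INTERFACE_IP", f"{name}: {a}")
                     for a in ifaddrs if lo <= a <= hi]
    return findings
```

Calling `audit(CONFIG)` returns seven findings for the posted lines. Cisco's NAT documentation advises against `permit any` in access lists referenced by NAT commands; IOS also has an `ip nat inside source list 7 interface FastEthernet0 overload` form that translates to the interface address without a pool.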