Before a go-live I've been trying this in my lab and have been having a few problems. I'm splitting a Mitel 3300 and data into 2 different subnets. Here's the setup. The Mitel 3300 will be on subnet 192.168.50.0/24 on VLAN 50 and the data will remain untagged on the native VLAN 1, 192.168.1.0/24. I am using a 2651XM as the DHCP server on VLAN 50 with the correct options for the Mitel IP phones. (Everything works fine, with the phones all picking up an address in VLAN 50 and communicating with the Mitel no problem. The PCs on the data network all pick up the correct subnet and work OK.) This is connected via a 3560 PoE switch. The internet gateway, which is also the DHCP server for the data subnet, is a HGV ADSL made by 2wire. These are the snippets of config:
On the 3560, ports 1 to 47 have switchport voice vlan 50,
Port 48 is set to trunk with vlan allowed 1,50
I have created vlan 50 with 192.168.50.5 and set to active.
On the 2651XM I have
Interface fa0/0.1 as 192.168.1.236, encapsulation set to native vlan 1, ip nat outside
Interface fa0/0.50 set as encapsulation dot1q 50 with IP address 192.168.50.254, ip nat inside.
I have created ACL 1 with allow 192.168.50.0 0.0.0.255
and allow 192.168.1.0 0.0.0.255
and then set ip nat inside source list 1 interface fa 0/0.1 overload.
I have also set a static route of 192.168.50.0 via 192.168.1.236 on the ADSL router.
I have set a default route on the 2651XM of 0.0.0.0 0.0.0.0 192.168.1.254 (the ADSL gateway is 192.168.1.254).
I have set the default gateway on the Mitel as 192.168.50.254 (all communication for the Mitel must be tagged VLAN 50).
Basically what happens is when I apply the NAT to fa 0/0.50 I can no longer access the Mitel GUI at 192.168.50.1 from a PC on the data subnet, but I can still ping it. If I remove the nat inside statement on fa 0/0.50 I can browse to the Mitel from the data subnet. However, the Mitel then cannot access any address on the internet. If I put the NAT back on fa 0/0.50 and put a PC into VLAN 50 and it picks up a valid address on the VLAN 50 subnet, I can browse to the Mitel, and from the Mitel I can resolve and ping addresses on the internet.
I'm sure it's a NAT problem somewhere! Does anyone have any ideas where I might be going wrong?
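An added example, not part of the original post: a small Python model of the setup described above, assuming the 2651XM applies the overload rule to every inside-to-outside packet whose source matches ACL 1, including the Mitel's replies to the data subnet. The PC and internet host addresses, the assumption that the ADSL router translates only its own LAN subnet, and the `no_nat_dst` exemption are illustrative and do not come from the post.

```python
from ipaddress import ip_address, ip_network

# Addresses from the post; PC and INTERNET are constructed sample hosts.
VOICE = ip_network("192.168.50.0/24")    # fa0/0.50, "ip nat inside"
DATA = ip_network("192.168.1.0/24")      # fa0/0.1, "ip nat outside"
NAT_ADDR = ip_address("192.168.1.236")   # overload address (fa0/0.1)
ACL_1 = [VOICE, DATA]                    # source-only match
MITEL = ip_address("192.168.50.1")
PC = ip_address("192.168.1.10")
INTERNET = ip_address("203.0.113.10")


def source_after_router(src, dst, nat_inside, no_nat_dst=()):
    """Source address of a voice-to-outside packet once it leaves fa0/0.1.

    no_nat_dst is a hypothetical destination-based exemption; the post's
    ACL 1 has nothing like it.
    """
    crosses = src in VOICE and dst not in VOICE
    exempt = any(dst in net for net in no_nat_dst)
    if nat_inside and crosses and not exempt and any(src in n for n in ACL_1):
        return NAT_ADDR
    return src


def gui_reply_matches(nat_inside, no_nat_dst=()):
    """PC browses to the Mitel: does the reply come back from the Mitel's IP?

    The PC's request arrives outside-to-inside with no translation entry and
    is routed unchanged; only the reply is evaluated against the NAT rule.
    """
    return source_after_router(MITEL, PC, nat_inside, no_nat_dst) == MITEL


def mitel_reaches_internet(nat_inside, no_nat_dst=()):
    """Assumption: the ADSL router translates only its own LAN subnet."""
    return source_after_router(MITEL, INTERNET, nat_inside, no_nat_dst) in DATA


if __name__ == "__main__":
    for label, nat, skip in [("nat inside on fa0/0.50", True, ()),
                             ("nat inside removed", False, ()),
                             ("nat inside + exemption", True, (DATA,))]:
        print(f"{label}: GUI={gui_reply_matches(nat, skip)} "
              f"internet={mitel_reaches_internet(nat, skip)}")
```

In this model the TCP reply to the PC carries 192.168.1.236 as its source when NAT is applied, so it no longer matches the connection the PC opened to 192.168.50.1.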