NAT config question

Robbo777Robbo777 Posts: 331Member ■■■□□□□□□□
Hi, i have a simple NAT setup that isnt working at the moment, i have

1 PC
2 routers and both with a mask

PC is connected to the router and can ping and NAT inside is configured on the Ethernet interface connecting the PC and NAT outside is on connecting the serial interface to the other router of

my NAT config is:

ip nat pool test netmask
ip nat inside source list 1 pool test overload

Access list is:

access-list 1 permit

I have OSPF configured on both routers advertising their serial wan connections as well. Not sure what's wrong here?


  • theodoxatheodoxa Posts: 1,340Member
    1) At first glance, is not a valid wildcard mask. You could use

    BTW, what "isn't working". Are you not able to ping the 2nd router?

    Is this the topology you are using?

    PC (> (ip nat inside) R1 (, ip nat outside) --> ( R2

    2) Do you have a route to on R2?

    3) Your NAT Pool covers 2 subnets -- and -- - -- -
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • Robbo777Robbo777 Posts: 331Member ■■■□□□□□□□
    Hi, i changed the wildcard mask to instead but still no luck on that, i changed the pool addresses to ip nat pool test netmask, for simplicity for now, still no luck.

    An yes i am able to ping which is the second router from the NAT router but the PC cannot ping, that router has no other interfaces configured on it, just that one address over a serial link to the NAT router which is

    I dont have any routes pointing to on any router. I have ospf enabled on both routers though and they're both neighbours.
  • Robbo777Robbo777 Posts: 331Member ■■■□□□□□□□
    This is so strange but I'm getting Request Time Out messages on the PC in packet tracer BUT it's actually showing the NAT translations going through on the router:

    Inside global Inside local Outside local Outside global
  • Robbo777Robbo777 Posts: 331Member ■■■□□□□□□□
    figured it out but its a bit confusing still haha, basically i needed to put a static route on router 2 s2/0 to force the packets back out because i'm assuming that they didn't know what to do with them when they received them.

    Because wasn't in either routing table it didn't know what to do with them, however! When the NAT router received them back how did it know what to do with them? Was it because the source IP address remained them same and from their the routing table on the NAT router knew to bounce them back to that MAC and IP address haha?
  • james43026james43026 Posts: 303Member
    You are correct, the return traffic (echo reply) was unable to traverse it's way back, as R2 didn't have a return path in it's routing table before. NAT traffic is kept in a stateful table so that return traffic can have the NAT translation reversed.
Sign In or Register to comment.