I once had a small office setup where users suddenly lost internet access, even though the router was up and running. Local traffic was fine, but anything beyond the LAN was a no-go. The culprit? A misconfigured NAT overload (PAT) setup.
🔍 Diagnosis
I started by checking the basics:
show ip interface briefconfirmed interfaces were up.ping 8.8.8.8from the router worked, but not from internal hosts.show ip nat translationsreturned nothing—no active NAT entries.
That was the red flag. NAT wasn’t translating internal IPs to the public IP. I checked the config and found the NAT rule was missing the correct ACL and interface mapping.
✅ Solution
Here’s how I fixed it:
- Defined the ACL for internal traffic:
- Configured NAT overload:
- Set interface roles:
- Verified NAT translations:
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
interface GigabitEthernet0/1 ip nat inside interface GigabitEthernet0/0 ip nat outside
show ip nat translations
Once this was in place, internal users could access the internet again. NAT entries started populating, and traffic flowed smoothly.
📚 Reference That Helped
The Cisco NAT Configuration Guide was my go-to. It clarified how ACLs and interface roles interact with NAT, and helped me avoid common pitfalls like forgetting to set ip nat inside/outside on interfaces.
This issue is deceptively simple but incredibly common—especially when routers are reset or configs are copied without adapting to the new network. It’s a great reminder that NAT isn’t just plug-and-play; it needs precise alignment between ACLs, interfaces, and overload rules.
No comments:
Post a Comment