06-26-2007 02:42 AM - edited 03-05-2019 04:58 PM
Hello,
I have to configure a Cisco 1721 with NAT.
This is the config:
sh run
Building configuration...
Current configuration : 1899 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ByPass_LinkProof
!
enable secret 5 ##############
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
!
ip cef
!
!
!
!
interface FastEthernet0
ip address 192.168.152.2 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface FastEthernet1
switchport access vlan 2
no ip address
!
interface FastEthernet2
switchport access vlan 3
no ip address
!
interface FastEthernet3
switchport access vlan 4
no ip address
!
interface FastEthernet4
switchport access vlan 5
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address <Pub Address 1> 255.255.255.248
ip nat outside
!
interface Vlan3
ip address <Pub Address 2> 255.255.255.240
!
interface Vlan4
ip address <Pub Address 3> 255.255.255.248
!
interface Vlan5
ip address <Pub Address 4> 255.255.255.248
!
ip nat inside source list 1 interface Vlan2 overload
ip nat inside source static 192.168.151.3 <Pub Address 5>
ip nat inside source static 192.168.151.4 <Pub Address 6>
ip classless
ip route 0.0.0.0 0.0.0.0 <NHR Address 1>
ip route 10.242.0.0 255.255.0.0 192.168.152.1
ip route 192.168.150.0 255.255.255.0 192.168.152.1
ip route 192.168.151.0 255.255.255.0 192.168.152.1
no ip http server
!
access-list 1 permit any
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq domain
access-list 101 permit tcp any any eq 3101
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq 995
access-list 101 deny tcp any any
access-list 102 deny tcp any eq 445 host 192.168.0.103
access-list 102 permit tcp any any
!
line con 0
line aux 0
line vty 0 4
password #####
login
!
no scheduler allocate
!
end
ByPass_LinkProof#
VLANs 3, 4 and 5 are not used for the moment.
When the router is connected, I can ping an Internet IP on the router, but not inside the network.
Thanks for your help.
06-26-2007 04:16 AM
Adrien
I do not see any particular issue with the configuration of NAT and wonder if there is some other explanation for your problem. Is it possible that the end stations inside the network do not have the correct default gateway configured? (For example, can the end stations access resources in the 192.168.150.0 and 192.168.151.0 networks?) Or is it possible that you are pinging by address from the router and pinging by name from the inside end station and there is some issue with DNS?
I see access list 101 and 102 configured (and believe that there are some issues with these access lists) but do not see them applied. Can you clarify what is being done with these access lists?
HTH
Rick
06-26-2007 04:36 AM
Hello,
ACLs 101 and 102 were not in use, so I deleted them...
This is the config now, with the same problem:
sh run
Building configuration...
Current configuration : 1461 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ByPass_LinkProof
!
enable secret 5 ###################
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
!
ip cef
!
!
!
!
interface FastEthernet0
ip address 192.168.152.2 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface FastEthernet1
switchport access vlan 2
no ip address
!
interface FastEthernet2
switchport access vlan 3
no ip address
!
interface FastEthernet3
switchport access vlan 4
no ip address
!
interface FastEthernet4
switchport access vlan 5
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address
ip nat outside
!
interface Vlan3
ip address ############# 255.255.255.240
shutdown
!
interface Vlan4
ip address ############# 255.255.255.248
shutdown
!
interface Vlan5
ip address ############## 255.255.255.248
shutdown
!
ip nat inside source list 1 interface Vlan2 overload
ip nat inside source static 192.168.151.3
ip nat inside source static 192.168.151.4
ip classless
ip route 0.0.0.0 0.0.0.0
ip route 10.242.0.0 255.255.0.0 192.168.152.1
ip route 192.168.150.0 255.255.255.0 192.168.152.1
ip route 192.168.151.0 255.255.255.0 192.168.152.1
no ip http server
!
access-list 1 permit any
!
line con 0
line aux 0
line vty 0 4
password #############
login
!
no scheduler allocate
!
end
ByPass_LinkProof#
It is not a problem of internal configuration, because with another device it works well...
Thanks