Having Trouble getting Nat to work

Unanswered Question
Jul 4th, 2007

Hi all,

i have an 2600 which a want to use for internet access. I'm so far that i can ping everything from the router it's self but behind my lan i'm not able. The only thing i can ping from my lan is the other network in my lan, my lan default gateway and the ip address my wan interface gets from dhcp.

When i want to ping my wan gateway, mine lan gateway shows up with the notification that the host is unreachable

below is my config:

======================

NL-RDAM-NRD#sh run

Building configuration...

Current configuration : 979 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname NL-RDAM-NRD

!

logging queue-limit 100

enable secret xxx

!

ip subnet-zero

!

!

ip name-server 62.xxx.xxx.xxx

!

!

!

!

!

interface FastEthernet0/0

description ***** INTERFACE TO INTERNET *****

ip address dhcp

ip nat outside

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

no fair-queue

!

interface FastEthernet0/1

description ***** INTERFACE TO LAN NETWORK *****

ip address 192.168.2.1 255.255.255.0

ip access-group 1 out

ip nat inside

duplex auto

speed auto

!

ip nat inside source list 1 interface FastEthernet0/0 overload

no ip http server

ip classless

ip route 0.0.0.0 0.0.x.x.83.77.1

!

!

!

access-list 1 permit 192.168.2.0 0.0.0.255

access-list 101 permit icmp any any

!

line con 0

exec-timeout 0 0

password xxx

logging synchronous

login

line aux 0

line vty 0 4

password xxx

login

!

!

end

this is a debug ip packet output

================================

NL-RDAM-NRD#debug ip pack

IP packet debugging is on

NL-RDAM-NRD#

*Mar 1 01:16:16.243: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len

372, rcvd 2

*Mar 1 01:16:16.379: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len

348, rcvd 2

*Mar 1 01:16:16.383: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len

348, rcvd 2

*Mar 1 01:16:16.515: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len

348, rcvd 2

NL-RDAM-NRD#

*Mar 1 01:16:18.327: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len

372, rcvd 2

*Mar 1 01:16:18.879: IP: tableid=0, s=192.168.2.5 (FastEthernet0/1), d=212.83.7

7.1 (FastEthernet0/0), routed via RIB

*Mar 1 01:16:18.879: IP: s=212.83.77.198 (FastEthernet0/1), d=212.83.77.1 (Fast

Ethernet0/0), g=212.83.77.1, len 60, forward

*Mar 1 01:16:18.887: IP: tableid=0, s=212.83.77.1 (FastEthernet0/0), d=192.168.

2.5 (FastEthernet0/1), routed via RIB

*Mar 1 01:16:18.887: IP: s=212.83.77.1 (FastEthernet0/0), d=192.168.2.5 (FastEt

hernet0/1), len 60, access denied

*Mar 1 01:16:18.887: IP: tableid=0, s=212.83.77.198 (local), d=212.83.77.1 (Fas

tEthernet0/0), routed via RIB

NL-RDAM-NRD#

*Mar 1 01:16:18.887: IP: s=212.83.77.198 (local), d=212.83.77.1 (FastEthernet0/

0), len 56, sending

i've been troubleshooting for three days and i'm stuck..any help would be appreciated

bye Flash....

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Paolo Bevilacqua Wed, 07/04/2007 - 13:21

Hi,

Please remove "ip access-group" from fa0/1.

Hope this helps, please rate post if it does!

flashsplash Wed, 07/04/2007 - 13:51

If i remove the ip access group command then the access-list is not valid. How would i specify an allowed network then...Impleting nat requires an access-list which need to bound to an interface in/out.

thx for the advice but i don't think this will help

bye flash...

Edison Ortiz Wed, 07/04/2007 - 14:11

flash,

The ACL 1, on this case, is being used for the NAT source list. You don't need the access-group 1 out under the interface. Please, do as instructed since you are currently blocking any network but the 192.168.2.0/24 network from returning traffic via that interface.

flashsplash Wed, 07/04/2007 - 14:30

oke guy's thx for the advice i will give it a try tomorrow cause it's 00:28 am over here and i'm going to bed cause the clock will zooming quickly..lol... ill let u guy's if it solves it.

bye flash...

Paolo Bevilacqua Wed, 07/04/2007 - 16:05

Hi flashsplash,

In a friendly manner, I must tell you that you are assuming too many things for a novice. Please listen to those that have experience, it's always a good thing in life. Then, in your own place, try on your own the things they told you, but listen first :)

Edison summarized perfectly your configuration problem. Good night and have fun with your working nat tomorrow :)

flashsplash Thu, 07/05/2007 - 01:25

Hi P.bevilacqua,

i must say u hit the needle at its top.

I'm a bit stubborn and i know its my weakness. Your totally in ur right cause i had to test it before i made my comment, and not to forget that i came here because i can't solve it myself. So bevilacuqa i own u an excuse...

bye flash

Paolo Bevilacqua Thu, 07/05/2007 - 01:37

No need to apologize. Happy to have helped and good luck!

Please remember to rate useful posts using the scrollbox below!

haoshoken Thu, 07/05/2007 - 08:09

Just a curious question on the configuration for the default route, for discussion.

ip route 0.0.0.0 0.0.0.0 212.83.77.1

Since the WAN interface is DHCP. Will this still work if the IP is dynamically changed?

If NO, what would be a good suggestion?

Feel free to discuss.

Cheers!

Paolo Bevilacqua Thu, 07/05/2007 - 08:20

Hi,

well the thing is that when the router gets an IP address via DHCP, no static default route is necessary to configure, as one will be installed automatically.

flashsplash Thu, 07/05/2007 - 10:11

hi bevilacqua

ur adviced indeed solved my problem. So thank u very much. I wanna rate this discuss bute where's the rate option cause u notice the scrollbox below but i don't c it...

bye flash

Paolo Bevilacqua Fri, 07/06/2007 - 12:00

Actually this command is necessary only if you want change the default metric for a DHCP route.

Without command, DHCP route is installed by default with metric 0.

Actions

This Discussion