ip nat question

Unanswered Question
Oct 1st, 2007


I have encounter Nat problem on the config below.

The thing is that router itself sees the internet but local clients(workstations) don't see any internet .

Client can't ping outside nor they can see web pages.

I assume something wrong with the nat

Thank you for your help

interface Serial0/0

description connected to Internet

ip address

no ip directed-broadcast

ip nat outside

encapsulation ppp

load-interval 30

service-module t1 remote-alarm-enable


interface Ethernet0/1

ip address

no ip directed-broadcast

ip nat inside


interface Serial0/1

no ip address

no ip directed-broadcast



router eigrp 2468

passive-interface Serial0/0


no auto-summary


ip nat inside source list 100 interface Serial0/0 overload

ip classless

ip route


logging trap debugging


access-list 1 permit any

access-list 100 permit ip any

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
luqmankondeth Mon, 10/01/2007 - 07:36

I dont see any problems with NAT.

what is eigrp doing here?

RUn a couple of debugs and show commands like

debug ip packet 100

sh ip nat translations

if still having problems, do a clear ip nat translations *

Richard Burts Mon, 10/01/2007 - 07:40


I think that I understood your post to indicate that the router itself can access resources in the Internet (can ping resources by name and by address in the Internet) but want to make sure that I did understand this correctly.

Assuming that it is true that the router does have internet connectivity then we can assume that is is not a basic IP connectivity issues.

The next thing that I would want to check is whether the clients have properly configured default gateway (also properly configured IP address and mask). The easy way to check this is to have the clients attempt to ping to the serial 0/0 interface of the router. My guess is that the clients will not be able to ping the outside interface of the router. Give this a try and let us know the results.



visteknetworking Mon, 10/01/2007 - 07:54



The thing is that I have posted this config from my backup router. I was trying to use it on friday when my primary router has crashed.

I managed to recover the original one and now it is working fine.

The reason why I have posted this post is because I want to know why the backup router didn't work when I needed.

Also as you can imagine that I can't test the config since the backup router is not connected any longer.

Any Idea what should I do ?

Thank you again

ankbhasi Mon, 10/01/2007 - 08:06

Hi Bar,

I do not see any HSRP configuration on your lan interface that means no virtual gateway address for your clients which makes me believe your clients must be having gateway address configured for your primary router lan interface and when it crashed clients not able to reach gateway and also not abl to connect to internet.



Richard Burts Mon, 10/01/2007 - 08:31


Ankur's thinking is going in exactly the direction that I indicated in my post. It seems very likely that the clients default gateway was not the interface address of this router. If this router was not their default gateway (and if the device that is their default gateway was down - as you seem to be saying) then that is the reason that clients could not access the Internet.

As for what you should do, I believe that you need to reconsider the functionality of the primary and backup router. As Ankur suggests it would seem logical that the primary and the backup router should run HSRP or do something like this.



visteknetworking Mon, 10/01/2007 - 08:37

Sorry do say it but default gateway wast the interface of the router.

I checked it myself. and i'm pretty much sure that it was correct.

in regards the crash on the router I meant that I just replace the backup once with the old original there is no any kind of HSRP setup.


rfearing72 Tue, 10/02/2007 - 08:52

dude, you're advertising the wrong network via EIGRP... look at your serial interface config... you've got no adjancency I'm sure... do a {show ip nat tran} to see if you're getting nat


This Discussion