Nat problems?

alfil2k08 · ‎03-06-2008

Hi all,

I have a problem with a router cisco 837 on my work. That is the configuration:

1 DSL Wan Interface named ATM0.1 with the external ip Ex: 80.36.25.24 and NAT outside, and the ethernet interface with internal ip ex: 172.26.0.254 and NAT inside.

The nat config is:

ip nat inside source list 102 interface ATM0.1 overload

ip nat inside source static tcp 172.26.0.1 8081 interface ATM0.1 8081

That's work fine if i try to connect with my browser from the external(ex: my house) to my work to the port 8081.

But, doesn`t work if i try to connect from my computer in the office using my external ip and port on the browser. URL ex: http://80.36.25.24:8081. My computer have the ip 172.26.0.53.

Wich are the correct configuration for that work correctly??

lamav · ‎03-06-2008

Can you post the entire config?

alfil2k08 · ‎03-06-2008

Yes, this is the conf

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname C837

!

logging queue-limit 100

no logging buffered

!

ip subnet-zero

ip name-server 80.58.61.250

ip name-server 80.58.61.254

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool CLIENT

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 80.58.61.250 80.58.61.254

lease 4

!

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

interface Ethernet0

ip address 172.30.29.254 255.255.255.0 secondary

ip address 192.168.1.1 255.255.255.0

ip access-group 103 in

ip nat inside

ip tcp adjust-mss 1452

hold-queue 100 out

no sh

!

interface ATM0

no ip address

no ip route-cache

no ip mroute-cache

atm vc-per-vp 256

no atm ilmi-keepalive

dsl operating-mode auto

no sh

!

interface ATM0.1 point-to-point

ip address 80.36.25.24 255.255.255.128

ip nat outside

no ip route-cache

no ip mroute-cache

no sh

pvc 8/32

encapsulation aal5snap

!

ip nat inside source list 102 interface ATM0.1 overload

ip nat inside source static tcp 172.30.29.1 8081 interface ATM0.1 8081

ip classless

ip route 0.0.0.0 0.0.0.0 ATM0.1

no ip http server

no ip http secure-server

!

access-list 23 permit 172.30.29.0 0.0.0.255

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 permit ip 172.30.29.0 0.0.0.255 any

access-list 103 deny ip 192.168.1.0 0.0.0.255 172.30.29.0 0.0.0.255

access-list 103 permit ip any any

dialer-list 1 protocol ip permit

!

scheduler max-task-time 5000

!

end

lamav · ‎03-06-2008

Two things:

1.) You say the interface address for your ethernet interface is 172.26.0.254, but its not.

interface Ethernet0

ip address 172.30.29.254 255.255.255.0 secondary

ip address 192.168.1.1 255.255.255.0

ip access-group 103 in

ip nat inside

ip tcp adjust-mss 1452

hold-queue 100 out

no sh

2.) If you are on the 172.26.0.0/24 network (you say your PC address is 172.26.0.53), your traffic will not be NAT'ed because ACL 102 is not permitting it.

ip nat inside source list 102 interface ATM0.1 overload

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 permit ip 172.30.29.0 0.0.0.255 any

HTH

Victor

alfil2k08 · ‎03-06-2008

sorry victor, i wrote wrong ip on the original message. the correct segment on lan is 172.30.29.0.

Can you see any solutions?

Many thanks,

lamav · ‎03-06-2008

Ok, but whats your PC's IP address...

PC>ipconfig

alfil2k08 · ‎03-06-2008

the ip is 172.30.29.106

Pablo

lamav · ‎03-06-2008

I really dont see anything wrong with this configuration that would prevent you from accessing the Internet.

Are you being NAT'ed?

Do a "sh ip nat trans" and see if youre being translated.

Ill think of other stuff...

Victor