Need NAT commands (Urgent)

Answered Question
Dec 18th, 2008

Hi,

how can i config nat in router..using "Only WAN" ip.ISP has blocked entire /28 lan ip due to some span issue....for time being thought of using wan ip for NATing ... can some one help me in configuring the same ...would be very much appreciated ...

thanks in advance

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 8 years 1 month ago

Hello Bharthi,

nat translations entries are created based on a traffic

with a PC on net 192.168.0.x try to navigate over the internet

Hope to help

Giuseppe

Correct Answer by John Blakley about 8 years 1 month ago

You're missing "ip nat out" on your serial interface.

That should fix it.

HTH,

John

*please rate if helpful*

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.7 (3 ratings)
Loading.
Giuseppe Larosa Thu, 12/18/2008 - 06:34

Hello Bharti,

you need to define the lan interface as NAT inside

the wan as nat outside

int f0/0

desc lan

ip nat inside

ip address 10.10.10.1 255.255.255.0

int s0/0

desc wan

ip nat outside

ip address xx.xx.xx.2 255.255.255.252

access-list 11 permit 10.10.10.0 0.0.0.255

ip nat inside source list 11 interface s0/0 overload

the overload keyword allows for PAT

this is enough for basic nat to access the internet

use sh ip nat translations to see the activity of NAT

note:

if you have also advanced requirements like an ipsec tunnel to another site some more tuning is needed

Hope to help

Giuseppe

bagvanliju Thu, 12/18/2008 - 06:59

Hi Gui,

Thanks for the update ..i ve done the same config but not able to see any nat transaction ...also see the router config below

XX#s run

!

memory-size iomem 25

ip subnet-zero

ip name-server XX.XX.XX.XX

ip name-server XX.XX.XX.XX

!

!

class-map match-all VOICE_PUBLIC

match access-group 112

class-map match-any SMTP_CLASS

match access-group 111

class-map match-any REST_ClASS

match any

class-map match-any VOICE_CLASS

match ip precedence 5

!

!

policy-map MOD_QOSPOLICY

class VOICE_CLASS

bandwidth percent 20

class SMTP_CLASS

bandwidth percent 20

class VOICE_PUBLIC

bandwidth percent 5

class REST_ClASS

bandwidth percent 30

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

speed auto

!

interface BRI0/0

no ip address

shutdown

!

interface Serial1/0

ip address XX.XX.XX.XX 255.255.255.252

service-policy output MOD_QOSPOLICY

!

ip nat inside source list 11 interface Serial1/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial1/0

no ip http server

!

access-list 11 permit 192.168.0.0 0.0.0.255

snmp-server community modely RO

!

modelytics#s ip nat tran

XX#

Correct Answer
John Blakley Thu, 12/18/2008 - 07:02

You're missing "ip nat out" on your serial interface.

That should fix it.

HTH,

John

*please rate if helpful*

bagvanliju Thu, 12/18/2008 - 07:07

Hi,

Thanks for the hlp it was my misatake ..changed the same but still not showing the same

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

speed auto

!

!

interface Serial1/0

ip address XX.XX.XX.XX 255.255.255.252

ip nat outside

service-policy output MOD_QOSPOLICY

!

ip nat inside source list 11 interface Serial1/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial1/0

no ip http server

!

access-list 11 permit 192.168.0.0 0.0.0.255

snmp-server community modely RO

!

modelytics#

modelytics#

modelytics#s ip nat tran

modelytics#

modelytics#

modelytics#

Lijesh.N.C

Correct Answer
Giuseppe Larosa Thu, 12/18/2008 - 07:11

Hello Bharthi,

nat translations entries are created based on a traffic

with a PC on net 192.168.0.x try to navigate over the internet

Hope to help

Giuseppe

bagvanliju Thu, 12/18/2008 - 07:24

Thanks gui its working thans for the valuable supprt ...

Lijesh.Nc

bagvanliju Thu, 12/18/2008 - 07:25

Thanks J its working thans for the valuable supprt ...Thanks for poiting the mistake ..i ve rated ..

Lijesh.Nc

John Blakley Thu, 12/18/2008 - 06:35

Example:

int fa0/0

ip address

ip nat out

int fa0/1

ip address 10.1.0.1 255.255.255.0 (private ip)

ip nat in

ip nat inside source list 1 inter fa0/0 overload

access-list 1 permit 10.1.0.0 0.0.0.255

HTH,

John

Actions

This Discussion