Need NAT commands (Urgent)

Answered Question
Dec 18th, 2008
User Badges:

Hi,


how can i config nat in router..using "Only WAN" ip.ISP has blocked entire /28 lan ip due to some span issue....for time being thought of using wan ip for NATing ... can some one help me in configuring the same ...would be very much appreciated ...


thanks in advance

Correct Answer by Giuseppe Larosa about 8 years 7 months ago

Hello Bharthi,


nat translations entries are created based on a traffic


with a PC on net 192.168.0.x try to navigate over the internet


Hope to help

Giuseppe


Correct Answer by John Blakley about 8 years 7 months ago

You're missing "ip nat out" on your serial interface.


That should fix it.


HTH,


John


*please rate if helpful*

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.7 (3 ratings)
Loading.
Giuseppe Larosa Thu, 12/18/2008 - 06:34
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Bharti,


you need to define the lan interface as NAT inside

the wan as nat outside


int f0/0

desc lan

ip nat inside

ip address 10.10.10.1 255.255.255.0


int s0/0

desc wan

ip nat outside

ip address xx.xx.xx.2 255.255.255.252


access-list 11 permit 10.10.10.0 0.0.0.255


ip nat inside source list 11 interface s0/0 overload


the overload keyword allows for PAT


this is enough for basic nat to access the internet

use sh ip nat translations to see the activity of NAT


note:

if you have also advanced requirements like an ipsec tunnel to another site some more tuning is needed


Hope to help

Giuseppe


bagvanliju Thu, 12/18/2008 - 06:59
User Badges:

Hi Gui,


Thanks for the update ..i ve done the same config but not able to see any nat transaction ...also see the router config below


XX#s run


!

memory-size iomem 25

ip subnet-zero

ip name-server XX.XX.XX.XX

ip name-server XX.XX.XX.XX

!

!

class-map match-all VOICE_PUBLIC

match access-group 112

class-map match-any SMTP_CLASS

match access-group 111

class-map match-any REST_ClASS

match any

class-map match-any VOICE_CLASS

match ip precedence 5

!

!

policy-map MOD_QOSPOLICY

class VOICE_CLASS

bandwidth percent 20

class SMTP_CLASS

bandwidth percent 20

class VOICE_PUBLIC

bandwidth percent 5

class REST_ClASS

bandwidth percent 30

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

speed auto

!

interface BRI0/0

no ip address

shutdown

!

interface Serial1/0

ip address XX.XX.XX.XX 255.255.255.252

service-policy output MOD_QOSPOLICY

!

ip nat inside source list 11 interface Serial1/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial1/0

no ip http server

!

access-list 11 permit 192.168.0.0 0.0.0.255

snmp-server community modely RO

!


modelytics#s ip nat tran

XX#


Correct Answer
John Blakley Thu, 12/18/2008 - 07:02
User Badges:
  • Purple, 4500 points or more

You're missing "ip nat out" on your serial interface.


That should fix it.


HTH,


John


*please rate if helpful*

bagvanliju Thu, 12/18/2008 - 07:07
User Badges:

Hi,


Thanks for the hlp it was my misatake ..changed the same but still not showing the same


interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

speed auto

!

!

interface Serial1/0

ip address XX.XX.XX.XX 255.255.255.252

ip nat outside

service-policy output MOD_QOSPOLICY

!

ip nat inside source list 11 interface Serial1/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Serial1/0

no ip http server

!

access-list 11 permit 192.168.0.0 0.0.0.255

snmp-server community modely RO

!


modelytics#

modelytics#

modelytics#s ip nat tran


modelytics#

modelytics#

modelytics#


Lijesh.N.C

Correct Answer
Giuseppe Larosa Thu, 12/18/2008 - 07:11
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Bharthi,


nat translations entries are created based on a traffic


with a PC on net 192.168.0.x try to navigate over the internet


Hope to help

Giuseppe


bagvanliju Thu, 12/18/2008 - 07:24
User Badges:



Thanks gui its working thans for the valuable supprt ...


Lijesh.Nc

bagvanliju Thu, 12/18/2008 - 07:25
User Badges:


Thanks J its working thans for the valuable supprt ...Thanks for poiting the mistake ..i ve rated ..


Lijesh.Nc

John Blakley Thu, 12/18/2008 - 06:35
User Badges:
  • Purple, 4500 points or more

Example:


int fa0/0

ip address

ip nat out


int fa0/1

ip address 10.1.0.1 255.255.255.0 (private ip)

ip nat in


ip nat inside source list 1 inter fa0/0 overload


access-list 1 permit 10.1.0.0 0.0.0.255


HTH,


John


Actions

This Discussion