Configure NAT with "Router on a stick" method

Answered Question
Dec 20th, 2008

Hello My Dears,

I want to configure my 3845 router to act as a NAT server, to connect local users to the Internet and to let Internet users connect to my web server.

As the first step, to let local users connect to the Internet, I configured the first interface with 3 sub-interfaces and configured the switch port that this port is connected to as a trunk port.

At the end I configured a client as follows:

1- set IP address & Net mask

2- Set the "Default Gateway" as : 172.20.1.1

3- Set the "DNS" as 192.9.9.3


After this, when using "nslookup", it can't connect to the DNS server.


Some lines of the "sho run" output are attached.



Giuseppe Larosa Sun, 12/21/2008 - 00:30
Hello Reza,

Please also provide

sh run int gix/y on the switch and

sh int gix/y switchport


note1:

I would use a more specific ACL for NAT not a permit any.



Hope to help

Giuseppe


Reza Rezazadeh Sun, 12/21/2008 - 01:24

Hello Giuseppe


The outputs that you requested are attached.

Defining the access-list is practically.



Reza Rezazadeh Sun, 12/21/2008 - 22:34

I changed the router configuration as follows:

- Deleted the sub-interfaces.

- Assigned the IP and "inside and outside NAT" to the interfaces.

- Changed the switch ports to "access mode" and the corresponding VLAN.


But the result didn't change.

--------- on the router ---------

interface GigabitEthernet0/0
 ip address 172.20.1.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 ip address A.B.C.D 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
!
ip nat pool ovrld A.B.C.H A.B.C.H netmask 255.255.255.0
ip nat inside source list 1 pool ovrld overload
!
access-list 1 permit any



-------- on the switch---------

----- External port---------

Name: Gi0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 111 (Valid_IP_Address)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Building configuration...

Current configuration : 88 bytes
!
interface GigabitEthernet0/3
 switchport access vlan 111
 switchport mode access
end

-------Internal port--------

Name: Gi0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Building configuration...

Current configuration : 60 bytes
!
interface GigabitEthernet0/1
 switchport mode access
end


passioncas Sun, 12/21/2008 - 21:50

You made a mistake while configuring the pool:


ip nat pool ovrlp A.B.C.H A.B.C.H netmask 255.255.255.0

ip nat inside source list 1 pool ovrld overload


NAT overloading is configured with a wrong pool name. This might be the issue. Please correct it and revert.

Reza Rezazadeh Sun, 12/21/2008 - 22:14

If you mean the pool name, the correct one is "ovrld". That is a typing mistake in the attached file.

Reza Rezazadeh Sun, 12/21/2008 - 23:23

Is "Routing" configuration necessary before "NAT" configuration?

Do NAT and routing depend on each other?

passioncas Sun, 12/21/2008 - 23:30

There should be a default route pointing towards the internet router. If it is possible, please share the entire configuration.

Reza Rezazadeh Mon, 12/22/2008 - 02:18

I haven't configured the router for special roles yet. The configuration is very primary and simple.

- Assign IP address to interfaces.

- Assign password.

- Define NAT rule.




Correct Answer
passioncas Mon, 12/22/2008 - 04:13

Hi,


Routing has not been configured on the switch. As I said, configure a default route pointing towards the internet link (I hope it is Gig 0/10). I would like to know which device the switch port Gig 0/1 is connected to (could be an internet router). And the IP address configured on the outside interface is a private IP address (on Gig 0/10).

If it is possible, please share the internet router configuration and the network topology as well.

Reza Rezazadeh Mon, 12/22/2008 - 22:43

Hello Passioncas


I added these two lines to the router to configure routing.


ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 permanent

ip route 172.20.0.0 255.255.0.0 GigabitEthernet0/0


Then everything was correct.
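
The three things the replies in this thread check (the scope of the NAT ACL, the pool name the NAT rule references, and the default route) can be checked mechanically. The script below is an added example, not part of the original thread or any Cisco tool; `audit_nat` and the sample text are constructed here from the router lines posted above.

```python
import re

# Constructed sample: the router lines posted in the thread (addresses are the
# poster's own placeholders), before the two "ip route" lines were added.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 172.20.1.1 255.255.0.0
 ip nat inside
interface GigabitEthernet0/1
 ip address A.B.C.D 255.255.255.0
 ip nat outside
ip nat pool ovrld A.B.C.H A.B.C.H netmask 255.255.255.0
ip nat inside source list 1 pool ovrld overload
access-list 1 permit any
"""

def audit_nat(config):
    """Return a list of findings for the problems raised in the thread."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    pools = {m.group(1) for l in lines
             if (m := re.match(r"ip nat pool (\S+) ", l))}
    rules = [m.groups() for l in lines
             if (m := re.match(r"ip nat inside source list (\S+) pool (\S+)", l))]
    for acl, pool in rules:
        # The NAT rule must reference a pool that is actually defined.
        if pool not in pools:
            findings.append(f"pool '{pool}' used by NAT rule is not defined")
        # "permit any" makes every source arriving on the inside interface
        # eligible for translation instead of only the intended subnet.
        for l in lines:
            if re.fullmatch(rf"access-list {re.escape(acl)} permit any", l):
                findings.append(f"access-list {acl} permits any source")
    # NAT only applies to routed packets: without a default route the
    # router has no path towards the outside for inside clients.
    if not any(re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", l) for l in lines):
        findings.append("no default route (ip route 0.0.0.0 0.0.0.0 ...)")
    # Both sides of the translation must be marked on some interface.
    for side in ("inside", "outside"):
        if f"ip nat {side}" not in lines:
            findings.append(f"no interface marked 'ip nat {side}'")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print("FINDING:", finding)
```

On the sample it reports the `permit any` ACL and the missing default route; a narrower ACL for this inside network would be `access-list 1 permit 172.20.0.0 0.0.255.255`.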
