Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2422
Views
0
Helpful
12
Replies

configure NAT with"Router on a stick " method

Go to solution
Reza Rezazadeh
Level 1
Level 1

‎12-20-2008 10:27 PM - edited ‎03-06-2019 03:04 AM

Hello My Dears,

I want configure my 3845Router to act as NAT server to connect local user to the Internet & Internet users connect to my web server.

For 1 step want access local users connect to the Internet , config 1st interface to 3 sub-interface and config the Switch port that this port connected to as a Trunk port.

At the end config a client follow this :

1- set IP address & Net mask

2- Set the "Default Gateway" as : 172.20.1.1

3- Set the "DNS" as 192.9.9.3

After this when using the "nslookup" can't connect to the DNS Server.

some line of "sho run" output are attached.

Labels:
Preview file
2 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
passioncas
Level 1
Level 1
In response to Reza Rezazadeh

‎12-22-2008 04:13 AM

Hi ,

Routing has not been configured on the Swicth.As I said do a default route pointing towards the internet link (I hope it is Gig 0/10 .I would like to know the Switch port Gig 0/1 is connected to which device(could be an internet router).ANd the IP address configured on the outside interface is a Private IP address (on Gig 0/10).

If it possible pls share the internet router configuration and the network topology as well.

View solution in original post

0 Helpful
12 Replies 12

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-21-2008 12:30 AM

Hello Reza,

please provide also

sh run int gix/y on the switch and

sj int gix/y switchport

note1:

I would use a more specific ACL for NAT not a permit any.

Hope to help

Giuseppe

0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1
In response to Giuseppe Larosa

‎12-21-2008 01:24 AM

Hello Giuseppe

The outputs that you requests are attache.

Defining the access-list is practically.

0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1
In response to Giuseppe Larosa

‎12-21-2008 01:36 AM

Hello Giuseppe

The results that you requested are attache.

Preview file
2 KB
0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1
In response to Giuseppe Larosa

‎12-21-2008 10:34 PM

I change the router configuration same as this :

- Delete the sub-interfaces,

- Assign the IP,"inside and outside NAT" to interfaces.

- change the switch ports to "access mode" and the corresponding vlan.

But don't chane the result.

--------- on the router ---------

interface GigabitEthernet0/0

ip address 172.20.1.1 255.255.0.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

media-type rj45

negotiation auto

!

interface GigabitEthernet0/1

ip address A.B.C.D 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

media-type rj45

negotiation auto

ip nat pool ovrld A.B.C.H A.B.C.H netmask 255.255.255.0

ip nat inside source list 1 pool ovrld overload

!

access-list 1 permit any

-------- on the switch---------

----- External port---------

Name: Gi0/3

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

Negotiation of Trunking: Off

Access Mode VLAN: 111 (Valid_IP_Address)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

Building configuration...

Current configuration : 88 bytes

!

interface GigabitEthernet0/3

switchport access vlan 111

switchport mode access

end

-------Internal port--------

Name: Gi0/1

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

Negotiation of Trunking: Off

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

Building configuration...

Current configuration : 60 bytes

!

interface GigabitEthernet0/1

switchport mode access

end

0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1

‎12-21-2008 09:11 PM

Isn't anyone help me ?

I'm confused.

0 Helpful

Go to solution
passioncas
Level 1
Level 1
In response to Reza Rezazadeh

‎12-21-2008 09:50 PM

You made a mistake while configuring the Pool

ip nat pool ovrlp A.B.C.H A.B.C.H netmask 255.255.255.0

ip nat inside source list 1 pool ovrld overload

NAT overloading is configured with a wrong Pool name.This mught be the issue .Please correct it and revert.

0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1
In response to passioncas

‎12-21-2008 10:14 PM

if your mean is the pool name ,the correct is "ovrld". That is the typing mistake on the attached file.

0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1
In response to passioncas

‎12-21-2008 11:23 PM

Is there necessary "Routing" configuration before "NAT" configuration ?

Is NAT & Routing depending together ?

0 Helpful

Go to solution
passioncas
Level 1
Level 1
In response to Reza Rezazadeh

‎12-21-2008 11:30 PM

There should be a default route that pointing towards the internet Router.If it possible pls share the entire configuration

0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1
In response to passioncas

‎12-22-2008 02:18 AM

I don't configure the router for special roles yet. The configuration is very primary and simple.

- Assign IP address to interfaces.

- Assign password.

- Define NAT rule.

Preview file
2 KB
0 Helpful

Go to solution
passioncas
Level 1
Level 1
In response to Reza Rezazadeh

‎12-22-2008 04:13 AM

Hi ,

Routing has not been configured on the Swicth.As I said do a default route pointing towards the internet link (I hope it is Gig 0/10 .I would like to know the Switch port Gig 0/1 is connected to which device(could be an internet router).ANd the IP address configured on the outside interface is a Private IP address (on Gig 0/10).

If it possible pls share the internet router configuration and the network topology as well.

0 Helpful

Go to solution
Reza Rezazadeh
Level 1
Level 1
In response to passioncas

‎12-22-2008 10:43 PM

Hello Passioncas

I add this two line to the Router for configure routing.

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 permanent

ip route 172.20.0.0 255.255.0.0 GigabitEthernet0/0

Then all correct.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card