12-20-2008 10:27 PM - edited 03-06-2019 03:04 AM
Hello My Dears,
I want configure my 3845Router to act as NAT server to connect local user to the Internet & Internet users connect to my web server.
For 1 step want access local users connect to the Internet , config 1st interface to 3 sub-interface and config the Switch port that this port connected to as a Trunk port.
At the end config a client follow this :
1- set IP address & Net mask
2- Set the "Default Gateway" as : 172.20.1.1
3- Set the "DNS" as 192.9.9.3
After this when using the "nslookup" can't connect to the DNS Server.
some line of "sho run" output are attached.
Solved! Go to Solution.
12-22-2008 04:13 AM
Hi ,
Routing has not been configured on the Swicth.As I said do a default route pointing towards the internet link (I hope it is Gig 0/10 .I would like to know the Switch port Gig 0/1 is connected to which device(could be an internet router).ANd the IP address configured on the outside interface is a Private IP address (on Gig 0/10).
If it possible pls share the internet router configuration and the network topology as well.
12-21-2008 12:30 AM
Hello Reza,
please provide also
sh run int gix/y on the switch and
sj int gix/y switchport
note1:
I would use a more specific ACL for NAT not a permit any.
Hope to help
Giuseppe
12-21-2008 01:24 AM
Hello Giuseppe
The outputs that you requests are attache.
Defining the access-list is practically.
12-21-2008 01:36 AM
12-21-2008 10:34 PM
I change the router configuration same as this :
- Delete the sub-interfaces,
- Assign the IP,"inside and outside NAT" to interfaces.
- change the switch ports to "access mode" and the corresponding vlan.
But don't chane the result.
--------- on the router ---------
interface GigabitEthernet0/0
ip address 172.20.1.1 255.255.0.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
ip address A.B.C.D 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
negotiation auto
ip nat pool ovrld A.B.C.H A.B.C.H netmask 255.255.255.0
ip nat inside source list 1 pool ovrld overload
!
access-list 1 permit any
-------- on the switch---------
----- External port---------
Name: Gi0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 111 (Valid_IP_Address)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Building configuration...
Current configuration : 88 bytes
!
interface GigabitEthernet0/3
switchport access vlan 111
switchport mode access
end
-------Internal port--------
Name: Gi0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Building configuration...
Current configuration : 60 bytes
!
interface GigabitEthernet0/1
switchport mode access
end
12-21-2008 09:11 PM
Isn't anyone help me ?
I'm confused.
12-21-2008 09:50 PM
You made a mistake while configuring the Pool
ip nat pool ovrlp A.B.C.H A.B.C.H netmask 255.255.255.0
ip nat inside source list 1 pool ovrld overload
NAT overloading is configured with a wrong Pool name.This mught be the issue .Please correct it and revert.
12-21-2008 10:14 PM
if your mean is the pool name ,the correct is "ovrld". That is the typing mistake on the attached file.
12-21-2008 11:23 PM
Is there necessary "Routing" configuration before "NAT" configuration ?
Is NAT & Routing depending together ?
12-21-2008 11:30 PM
There should be a default route that pointing towards the internet Router.If it possible pls share the entire configuration
12-22-2008 02:18 AM
12-22-2008 04:13 AM
Hi ,
Routing has not been configured on the Swicth.As I said do a default route pointing towards the internet link (I hope it is Gig 0/10 .I would like to know the Switch port Gig 0/1 is connected to which device(could be an internet router).ANd the IP address configured on the outside interface is a Private IP address (on Gig 0/10).
If it possible pls share the internet router configuration and the network topology as well.
12-22-2008 10:43 PM
Hello Passioncas
I add this two line to the Router for configure routing.
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 permanent
ip route 172.20.0.0 255.255.0.0 GigabitEthernet0/0
Then all correct.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: