NAT issue when going across T1

Answered Question
Jun 3rd, 2010

I have two sites with 1841 routers connected by a point-to-point T1. From subnet 192.168.1.0 /24 I can access the Internet via RTRA, as well as hosts on the 192.168.1.0/24 subnet, and NAT is working correctly. I cannot access the Internet from RTRB, nor can hosts on the 192.168.0.0/24 subnet, although I can ping the inside (192.168.1.254) and outside (23.154.63.107) interfaces on RTRA. When I try to ping 23.154.63.105 from the 192.168.0.0/24 subnet I get timed out and there are no NAT translations on RTRA:

RTRA#sh ip nat trans


RTRA#

RTRA Partial Config

controller T1 0/0/0

framing esf

linecode b8zs

cablelength long 0db

channel-group 1 timeslots 1-24

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 23.154.63.107 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0/0:1

ip address 172.31.2.1 255.255.255.252

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 23.154.63.105

ip route 192.168.0.0 255.255.255.0 172.31.2.2

!

ip nat inside source list 1 interface FastEthernet0/1 overload

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255


RTRB Partial Config

controller T1 0/0/0

framing esf

linecode b8zs

cablelength long 0db

channel-group 1 timeslots 1-24

!

!

!

!

interface FastEthernet0/0

ip address 192.168.0.254 255.255.255.0

ip helper-address 192.168.1.7

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0:1

ip address 172.31.2.2 255.255.255.252

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 172.31.2.1

Attachment: 
I have this problem too.
0 votes
Correct Answer by Hitesh Vinzoda about 6 years 6 months ago

Hi,

the ACL should not be any as it is not advised by Cisco.

use this one instead

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

There is no need of adding T1 interfaces in the ACL as the sources are 192.168.0.0/24 and .1.0/24

and

as suggested by one of the CSC expert configure

ip nat inside on the T1 interface

"ip nat inside"

HTH

Hitesh Vinzoda

Please rate useful posts

Correct Answer by Komil Shamgunov about 6 years 6 months ago

Hi Michael

Try to adding:

ip nat inside

on

interface Serial0/0/0:1

ip address 172.31.2.1 255.255.255.252

Regards,

Kamil

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Reza Sharifi Thu, 06/03/2010 - 18:10

Hi Michael,

Try adding 172.31.2.0/30 to your access list (1) on RTRA  and test again.

HTH

Reza

Michael Murray Thu, 06/03/2010 - 18:31

Reza,

I tried that as well as just doing a permit any to take the ACL out of the equation. Still not NAT'ing.

Thanks,

-mike

Correct Answer
Hitesh Vinzoda Thu, 06/03/2010 - 23:12

Hi,

the ACL should not be any as it is not advised by Cisco.

use this one instead

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

There is no need of adding T1 interfaces in the ACL as the sources are 192.168.0.0/24 and .1.0/24

and

as suggested by one of the CSC expert configure

ip nat inside on the T1 interface

"ip nat inside"

HTH

Hitesh Vinzoda

Please rate useful posts

Correct Answer
Komil Shamgunov Thu, 06/03/2010 - 21:48

Hi Michael

Try to adding:

ip nat inside

on

interface Serial0/0/0:1

ip address 172.31.2.1 255.255.255.252

Regards,

Kamil

Michael Murray Fri, 06/04/2010 - 05:40

Adding ip nat inside to my serial interface on RTRA did the trick and it's working now.

Thanks!

-mike

Actions

This Discussion

Related Content