06-03-2010 05:44 PM - edited 03-04-2019 08:40 AM
I have two sites with 1841 routers connected by a point-to-point T1. From subnet 192.168.1.0 /24 I can access the Internet via RTRA, as well as hosts on the 192.168.1.0/24 subnet, and NAT is working correctly. I cannot access the Internet from RTRB, nor can hosts on the 192.168.0.0/24 subnet, although I can ping the inside (192.168.1.254) and outside (23.154.63.107) interfaces on RTRA. When I try to ping 23.154.63.105 from the 192.168.0.0/24 subnet I get timed out and there are no NAT translations on RTRA:
RTRA#sh ip nat trans
RTRA#
RTRA Partial Config
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 23.154.63.107 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0:1
ip address 172.31.2.1 255.255.255.252
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 23.154.63.105
ip route 192.168.0.0 255.255.255.0 172.31.2.2
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
RTRB Partial Config
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.254 255.255.255.0
ip helper-address 192.168.1.7
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:1
ip address 172.31.2.2 255.255.255.252
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.31.2.1
Solved! Go to Solution.
06-03-2010 09:48 PM
Hi Michael
Try to adding:
ip nat inside
on
interface Serial0/0/0:1
ip address 172.31.2.1 255.255.255.252
Regards,
Kamil
06-03-2010 11:12 PM
Hi,
the ACL should not be any as it is not advised by Cisco.
use this one instead
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
There is no need of adding T1 interfaces in the ACL as the sources are 192.168.0.0/24 and .1.0/24
and
as suggested by one of the CSC expert configure
ip nat inside on the T1 interface
"ip nat inside"
HTH
Hitesh Vinzoda
Please rate useful posts
06-03-2010 06:10 PM
Hi Michael,
Try adding 172.31.2.0/30 to your access list (1) on RTRA and test again.
HTH
Reza
06-03-2010 06:31 PM
Reza,
I tried that as well as just doing a permit any to take the ACL out of the equation. Still not NAT'ing.
Thanks,
-mike
06-03-2010 11:12 PM
Hi,
the ACL should not be any as it is not advised by Cisco.
use this one instead
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
There is no need of adding T1 interfaces in the ACL as the sources are 192.168.0.0/24 and .1.0/24
and
as suggested by one of the CSC expert configure
ip nat inside on the T1 interface
"ip nat inside"
HTH
Hitesh Vinzoda
Please rate useful posts
06-03-2010 09:48 PM
Hi Michael
Try to adding:
ip nat inside
on
interface Serial0/0/0:1
ip address 172.31.2.1 255.255.255.252
Regards,
Kamil
06-04-2010 05:40 AM
Adding ip nat inside to my serial interface on RTRA did the trick and it's working now.
Thanks!
-mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide