Cisco 1711: Cannot get NAT to work

Answered Question
Sep 15th, 2010

I have a Cisco 1711 which I am trying to configure as a small-office router. It will assign DHCP addresses to computers on the LAN and provide them internet access. The router receives an IP from the ISP modem and the router can ping hosts on the internet. PCs sitting on the LAN behind the router are receiving DHCP from the router but are not able to access the internet. Any help is appreciated.


!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool SPODIGIBBUSERS
   network 10.50.50.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 10.50.50.1
   lease 7
!
interface FastEthernet0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
 ip address 10.50.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit any log
!
!
!
!
line con 0
line 1
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 login
!

Jon Marshall Wed, 09/15/2010 - 12:02

Can you try to connect from a client and then post output from router of -


1) "sh ip nat translations"


2) "sh ip route"


Have you tried pinging an IP address on the internet as opposed to a name?


Jon

shamimakhtar Wed, 09/15/2010 - 12:50

From the router I am successfully pinging internet hosts. I am able to also telnet to google.com on port 80 and it is resolving correctly.

Reza Sharifi Wed, 09/15/2010 - 12:09

In addition to Jon's comment, I don't see a default route pointing to your outside interface or the IP address of the outside interface.

ip route 0.0.0.0 0.0.0.0 FastEthernet0


HTH

Reza

Jon Marshall Wed, 09/15/2010 - 12:11

sharifimr wrote:


In addition to Jon's comment, I don't see a default route pointing to your outside interface or the IP address of the outside interface.

ip route 0.0.0.0 0.0.0.0 FastEthernet0


HTH

Reza

Hi Reza


I saw that too but he said he could ping from the router to the internet so I figured the DHCP on the outside interface was supplying the route? Not sure though.


Jon

shamimakhtar Wed, 09/15/2010 - 12:47

That is correct - DHCP on the Fa0 (outside) interface is supplying a default route.


The NAT translations do not show any output when I ping from the laptop. When I ping from the router, the NAT table shows as below. I changed the


Pro  Inside global   Inside local     Outside local    Outside global
icmp RTR_F0:23       10.50.50.1:23    4.2.2.2:23       4.2.2.2:23
icmp RTR_F0:24       10.50.50.1:24    8.8.8.8:24       8.8.8.8:24
udp  RTR_F0:68       RTR_F0:68        10.0.0.1:67      10.0.0.1:67




show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route


Gateway of last resort is DEF-RTR to network 0.0.0.0

     x.x.x.x/24 is subnetted, 1 subnets
C       x.x.x.x is directly connected, FastEthernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.50.50.0/24 is directly connected, Vlan1
S       10.0.0.1/32 [254/0] via DEF-RTR, FastEthernet0
                    [254/0] via DEF-RTR
S*   0.0.0.0/0 [254/0] via DEF-RTR

Correct Answer
Jon Marshall Wed, 09/15/2010 - 12:54

Can you just try something -


change the access-list 1 to be -


access-list 101 permit ip 10.50.50.0 0.0.0.255 any


ip nat inside source list 101 interface fa0 overload


and retest.


Jon
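
The accepted change swaps a NAT access list that matched `any` with `log` for one scoped to the inside subnet; Cisco's NAT documentation advises against both `permit any` and the `log` keyword in ACLs referenced by NAT. As an added example (not part of the thread), this Python check flags such lists in an IOS config; the config text is excerpted from the posts above and `audit_nat_acls` is a hypothetical helper name.

```python
import re

# Excerpt of the configuration posted in the question (the "before" state).
BEFORE = """\
interface FastEthernet0
 ip nat outside
interface Vlan1
 ip address 10.50.50.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet0 overload
access-list 1 permit any log
"""

# The same excerpt with the two lines from the accepted answer applied.
AFTER = BEFORE.replace(
    "source list 1 interface", "source list 101 interface"
).replace(
    "access-list 1 permit any log",
    "access-list 101 permit ip 10.50.50.0 0.0.0.255 any",
)

NAT_RE = re.compile(r"^ip nat inside source list (\d+) ", re.M)
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$", re.M)


def audit_nat_acls(config):
    """Flag numbered NAT ACLs that match 'any' or carry 'log' (example helper)."""
    acls = {}
    for acl_id, action, rest in ACL_RE.findall(config):
        acls.setdefault(acl_id, []).append((action, rest.split()))
    findings = []
    for acl_id in NAT_RE.findall(config):
        if acl_id not in acls:
            findings.append((acl_id, "undefined access list"))
            continue
        n = int(acl_id)
        standard = n < 100 or 1300 <= n <= 1999
        for action, tokens in acls[acl_id]:
            if action != "permit":
                continue
            # Standard ACL: source comes first. Extended: protocol, then source.
            src = tokens[0] if standard else tokens[1]
            if src == "any":
                findings.append((acl_id, "permit source is 'any'"))
            if "log" in tokens or "log-input" in tokens:
                findings.append((acl_id, "'log' keyword on NAT ACL"))
    return findings
```

Calling `audit_nat_acls(BEFORE)` reports both findings against list 1, and `audit_nat_acls(AFTER)` returns an empty list.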

shamimakhtar Wed, 09/15/2010 - 13:02

Oh wow, that worked. I just changed and re-tested and it works like a charm.


If you are ever in the NYC area I will be getting you a few beers.

Jon Marshall Wed, 09/15/2010 - 15:25

No problem, glad to have helped.


Jon
