cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1766
Views
0
Helpful
8
Replies

Cisco 1711: Cannot get NAT to work

shamimakhtar
Level 1
Level 1

I have a Cisco 1711 which I am tyring to configure as a small-office router. It will assign DHCP addresses to computers on the LAN and provide them internet access. Router receives an IP from the ISP modem and router can ping hosts on the internet. PC sitting on the LAN behind the router are receiving DHCP from the router but are not able to access internet. Any help is appreciated.

!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool SPODIGIBBUSERS
   network 10.50.50.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 10.50.50.1
   lease 7
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
ip address 10.50.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit any log
!
!
!
!
line con 0
line 1
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
login
!

1 Accepted Solution

Accepted Solutions

Can you just try something -

change the access-list 1 to be -

access-list 101 permit ip 10.50.50.0 0.0.0.255 any

ip nat inside source list 101 interface fa0 overload

and retest.

Jon

View solution in original post

8 Replies 8

Jon Marshall
Hall of Fame
Hall of Fame

Can you try to connect from a client and then post output from router of -

1) "sh ip nat translations"

2) "sh ip route"

Have you tried pinging an ip address on the internet as opposed to a name ?

Jon

From the router I am successfully pinging internet hosts, i am able to also telnet to google.com on port 80 and it is resolving correctly.

Reza Sharifi
Hall of Fame
Hall of Fame

In addition to Jon's comment, I don't see a default route pointing to your outside interface or the IP address of the outside interface.

ip route 0.0.0.0 0.0.0.0 interface FastEthernet0

HTH

Reza

sharifimr wrote:

In addition to Jon's comment, I don't see a default route pointing to your outside interface or the IP address of the outside interface.

ip route 0.0.0.0 0.0.0.0 interface FastEthernet0

HTH

Reza

Hi Reza

I saw that too but he said he could ping from the router to the internet so i figured the DHCP on the outside interface was supplying the route ? Not sure though.

Jon

that is correct - DHCP on the Fa0 (outside) interface is supplying a default route.

The nat translations does nto show any output when i ping from the laptop. when i ping from the router NAT table shows as below. I changed the

Pro Inside global      Inside local       Outside local      Outside global
icmp RTR_F0:23   10.50.50.1:23      4.2.2.2:23         4.2.2.2:23
icmp RTR_F0:24   10.50.50.1:24      8.8.8.8:24         8.8.8.8:24
udp RTR_F0:68    RTR_F0:68    10.0.0.1:67        10.0.0.1:67

show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is DEF-RTR to network 0.0.0.0

     x.x.x.x/24 is subnetted, 1 subnets
C       x.x.x.x is directly connected, FastEthernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.50.50.0/24 is directly connected, Vlan1
S       10.0.0.1/32 [254/0] via DEF-RTR, FastEthernet0
                    [254/0] via DEF-RTR
S*   0.0.0.0/0 [254/0] via DEF-RTR

Can you just try something -

change the access-list 1 to be -

access-list 101 permit ip 10.50.50.0 0.0.0.255 any

ip nat inside source list 101 interface fa0 overload

and retest.

Jon

oh wow, that worked. i just changed and re-tested and it works like a charm.

if you are ever in the NYC area i will be getting you a few beers

No problem, glad to have helped.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: