NAT Cisco 2901

I am attempting to configure a Cisco 2901 router using IOS 15 to properly perform NAT/PAT translation between LAN and the internet connection.

My Configuration:

interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
!
interface ISM0/0
 no ip address
 no ip route-cache
 shutdown
 service-module fail-open
 no cdp enable
!
hold-queue 60 out
!
interface ISM0/1
 no ip address
 no ip route-cache
 shutdown
 no cdp enable
!
!
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
access-list 1 permit 10.1.1.0 0.0.0.255
!

But NAT does not work.

Any ideas?

Ton V Engelen
Level 3

Hi,

Is this all the configuration?

For I don't see a NAT pool.

Something like this, where 1.1.1.1 is just an example; replace it with your outside IP address:

ip nat pool POOL-NAME 1.1.1.1 1.1.1.1 netmask 255.255.255.240
ip nat inside source list 10 pool POOL-NAME overload
access-list 10 permit 10.1.1.0 0.0.0.255

Hi Ton,

I don't think that the nat pool is necessary because NAT overload (PAT) with overloaded interface is in use here. Therefore all private addresses are translated to Router GigabitEthernet 0/0 interface's address using different ports.

I believe that this is not causing the problem.

Best regards,

Jan

Hi, Jan

Thanks for pointing that out. Guess I needed more coffee this morning...

Hi Ton,

You're welcome! Yeah, I think that all of us would appreciate more sleep at night or more coffee in the morning at least. Have a nice day!

Btw, I am really curious what could be cause of the problem here...

Best regards,

Jan

Jan Hrnko
Level 4

Hi,

I have tried similar configuration as yours (NAT overload, overloaded interface with DHCP assigned IP address) but it works. Are you absolutely sure that NAT is not working correctly? Can't there be any other problem? Please try to verify NAT by using the command: show ip nat translations. Also please check if the Gi0/0 interface has ip address correctly assigned and if the default route is installed in the routing table.

Best regards,

Jan.

Hi everyone

My Full Configuration:

Current configuration : 2005 bytes
!
! Last configuration change at 21:40:23 UTC Mon Mar 12 2012
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Volts
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$wB9U$.k3JKiQCsqj6sXs9DW9FN/
enable password blaalalallalaa
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
!
no ipv6 cef
ip source-route
no ip routing
no ip cef
!
!
!
!
!
ip domain name 192.168.0.1
ip name-server 8.8.8.8
ip name-server 8.8.8.4
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
license udi pid CISCO2901/K9 sn FTX153784LL
hw-module pvdm 0/0
!
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip route-cache
 shutdown
 no cdp enable
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0/0
 no ip address
 no ip route-cache
 shutdown
 no fair-queue
 clock rate 2000000
ip default-gateway 192.168.0.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1 254
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
!
snmp-server community public RO
!
control-plane
!
!
voice-port 0/1/0
!
voice-port 0/1/1
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password @#in4008@#
 login
 transport input all
!
scheduler allocate 20000 1000
end

Hi Luiz,

I have just seen the config and I suppose I have an idea what could be causing the problem. PAT is ok, the default route is not.

In the output you have given us earlier was this:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

It is ok, it means that all traffic that cannot be routed by routing entries in the table is forwarded using interface Gi0/0

But in the output you have provided now is this:

ip route 0.0.0.0 0.0.0.0 192.168.0.1 254

There is IP address of next hop. Don't you think this is causing the problem? IP of the next hop should be public IP address, not private! So you should use ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 solution or something else but definitely not private IP address if you want to access the internet.

What do you think?

Best regards,

Jan

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

%Default route without gateway, if not a point-to-point interface, may impact performance

no ip route 0.0.0.0 0.0.0.0 192.168.0.1 254

%No matching route to delete

This route

route 0.0.0.0 0.0.0.0 192.168.0.1 254

was created automatically by DHCP

Hi,

I see now. So you are using NAT two times? So therefore the problem could be 1. NAT is not working correctly - which I doubt because it seems to be configured properly...or something next on the link is not correct. Would you be so kind and try to ping the IP default gateway 192.168.0.1 from host with IP address of 10.1.1.2? Immediately after that please do show ip nat translations. I forgot to mention that earlier, but if there are not active connections for some time, this command will have blank output.

Best regards,

Jan

But nothing, my station with IP 10.1.1.2 doesn't access the internet.

When I putty sh ip nat translation, the CLI doesn't return anything.

Hi Luiz,

Please can you verify by command sh ip route that the default route is installed in the routing table and by using command show ip interface gigabitEthernet 0/0 verify the correct state and IP of the interface? Please, if you would be so kind and paste output from these two commands also. Thank you!

sh ip route

show ip interface gigabitEthernet 0/0

Best regards,

Jan

sh ip route
Default gateway is 192.168.0.1
Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

show ip interface gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet address is 192.168.0.128/24
  Broadcast address is 255.255.255.255
  Address determined by DHCP
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are None
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
  Output features: Post-routing NAT Outside, Stateful Inspection, NAT ALG proxy
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
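
Added example, not part of any post in this thread: a Python check of a pasted running-config for the PAT prerequisites the replies walk through (inside and outside interfaces, the overload rule's interface and access list). It goes one step beyond the replies by also flagging `no ip routing`, which appears in the full configuration above and makes IOS act as an IP host that uses `ip default-gateway` instead of forwarding packets between interfaces. The function names and finding labels are made up for this example, and the sample is a constructed excerpt of the posted configuration.

```python
import re

# Constructed excerpt: NAT-relevant lines of the full configuration posted above.
SAMPLE_CONFIG = """\
no ip routing
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
ip default-gateway 192.168.0.1
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 10.1.1.0 0.0.0.255
"""

PAT_RULE = re.compile(r"ip nat inside source list (\S+) interface (\S+) overload$")

def parse_interfaces(config):
    """Map interface name -> list of its (indented) sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)$", raw.strip())
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def audit_pat(config):
    """Return labels (hypothetical names) for missing PAT prerequisites."""
    lines = [l.strip() for l in config.splitlines()]
    ifaces = parse_interfaces(config)
    outside = [n for n, cmds in ifaces.items() if "ip nat outside" in cmds]
    findings = []
    if "no ip routing" in lines:
        findings.append("ip-routing-disabled")  # router acts as a host, no forwarding
    if not any("ip nat inside" in cmds for cmds in ifaces.values()):
        findings.append("no-inside-interface")
    if not outside:
        findings.append("no-outside-interface")
    rules = [m for m in map(PAT_RULE.match, lines) if m]
    if not rules:
        findings.append("no-overload-rule")
    for acl, target in (m.groups() for m in rules):
        if target not in outside:
            findings.append(f"overload-interface-not-outside:{target}")
        if not any(x.startswith(f"access-list {acl} permit ") for x in lines):
            findings.append(f"acl-missing:{acl}")
    return findings
```

Calling `audit_pat(SAMPLE_CONFIG)` returns the list of finding labels; an empty list means every prerequisite checked here is present. The parser relies on the one-space indentation IOS uses for interface sub-commands.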
