03-11-2012 12:16 PM - edited 03-07-2019 05:29 AM
I am attempting to configure a Cisco 2901 router using IOS 15 to properly perform NAT/PAT translation between LAN and the internet connection.
My Configuration:
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no cdp enable
no mop enabled
!
!
interface ISM0/0
no ip address
no ip route-cache
shutdown
service-module fail-open
no cdp enable
!
hold-queue 60 out
!
interface ISM0/1
no ip address
no ip route-cache
shutdown
no cdp enable
!
!
interface GigabitEthernet0/1
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no cdp enable
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
But NAT does not work.
Any ideas?
03-12-2012 03:44 AM
Hi,
Is this all the configuration?
For I don't see a NAT pool.
Something like this, where 1.1.1.1 is just an example; replace it with your outside IP address:
ip nat pool POOL-NAME 1.1.1.1 1.1.1.1 netmask 255.255.255.240
ip nat inside source list 10 pool POOL-NAME overload
access-list 10 permit 10.1.1.0 0.0.0.255
03-12-2012 05:55 AM
Hi Ton,
I don't think that the nat pool is necessary because NAT overload (PAT) with overloaded interface is in use here. Therefore all private addresses are translated to Router GigabitEthernet 0/0 interface's address using different ports.
I believe that this is not causing the problem.
Best regards,
Jan
03-12-2012 06:32 AM
Hi, Jan
Thanks for pointing that out. Guess I needed more coffee this morning...
03-12-2012 07:13 AM
Hi Ton,
You're welcome! Yeah, I think that all of us would appreciate more sleep at night or more coffee in the morning at least. Have a nice day!
Btw, I am really curious what could be the cause of the problem here...
Best regards,
Jan
03-12-2012 06:01 AM
Hi,
I have tried a configuration similar to yours (NAT overload, overloaded interface with DHCP-assigned IP address) and it works. Are you absolutely sure that NAT is not working correctly? Can't there be any other problem? Please try to verify NAT by using the command: show ip nat translations. Also please check whether the Gi0/0 interface has an IP address correctly assigned and whether the default route is installed in the routing table.
Best regards,
Jan.
03-12-2012 02:42 PM
Hi everyone
My Full Configuration:
Current configuration : 2005 bytes
!
! Last configuration change at 21:40:23 UTC Mon Mar 12 2012
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Volts
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$wB9U$.k3JKiQCsqj6sXs9DW9FN/
enable password blaalalallalaa
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
!
no ipv6 cef
ip source-route
no ip routing
no ip cef
!
!
!
!
!
ip domain name 192.168.0.1
ip name-server 8.8.8.8
ip name-server 8.8.8.4
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
license udi pid CISCO2901/K9 sn FTX153784LL
hw-module pvdm 0/0
!
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
no ip route-cache
shutdown
no cdp enable
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
no fair-queue
clock rate 2000000
ip default-gateway 192.168.0.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1 254
!
access-list 1 permit 10.1.1.0 0.0.0.255
!
!
snmp-server community public RO
!
control-plane
!
!
voice-port 0/1/0
!
voice-port 0/1/1
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password @#in4008@#
login
transport input all
!
scheduler allocate 20000 1000
end
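As an added example (not part of any post in this thread, and not Cisco tooling): a short Python check that reads a running configuration and reports what stops an interface-overload PAT rule from translating. It goes beyond the checks discussed in the thread by also looking at whether IP routing is enabled; the config string is a constructed excerpt of the one posted above and the function name check_pat is hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: the NAT-relevant lines of the full configuration posted above.
SAMPLE_CONFIG = """\
no ip routing
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
ip default-gateway 192.168.0.1
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 10.1.1.0 0.0.0.255
"""

def check_pat(config):  # hypothetical helper name
    """Return findings that stop interface-overload PAT from translating."""
    findings, roles, nets, acls, rule, iface = [], {}, {}, {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        if line == "!":
            iface = None
        elif line.startswith("interface "):
            iface = line.split()[1]
        elif line == "no ip routing":
            # With routing off the router is an IP host: it forwards nothing, so nothing is translated.
            findings.append("no ip routing: packets are not forwarded, so NAT never runs")
        elif iface and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            roles[iface] = m.group(1)
        elif iface and (m := re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", line)):
            nets[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.fullmatch(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rule = m.groups()
        elif m := re.fullmatch(r"access-list (\d+) permit ([\d.]+) ([\d.]+)", line):
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            acls.setdefault(m.group(1), []).append(net)  # wildcard mask parsed as host mask
    if rule is None:
        return findings + ["no 'ip nat inside source list N interface X overload' rule"]
    acl, out_if = rule
    if roles.get(out_if) != "outside":
        findings.append(f"{out_if} is not marked 'ip nat outside'")
    inside = [i for i, r in roles.items() if r == "inside"]
    if not inside:
        findings.append("no interface is marked 'ip nat inside'")
    for i in inside:
        if i in nets and not any(nets[i].subnet_of(a) for a in acls.get(acl, [])):
            findings.append(f"access-list {acl} does not permit {nets[i]} ({i})")
    return findings
```

Calling check_pat(SAMPLE_CONFIG) returns a single finding about `no ip routing`; with that line removed the same excerpt returns an empty list.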
03-12-2012 03:00 PM
Hi Luiz,
I have just seen the config and I suppose I have an idea what could be causing the problem. PAT is ok, the default route is not.
In the output you gave us earlier there was this:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
It is OK; it means that all traffic that cannot be routed by routing entries in the table is forwarded using interface Gi0/0.
But in the output you have provided now there is this:
ip route 0.0.0.0 0.0.0.0 192.168.0.1 254
There is the IP address of the next hop. Don't you think this is causing the problem? The IP of the next hop should be a public IP address, not private! So you should use the ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 solution or something else, but definitely not a private IP address if you want to access the internet.
What do you think?
Best regards,
Jan
03-12-2012 03:05 PM
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
%Default route without gateway, if not a point-to-point interface, may impact performance
03-12-2012 03:12 PM
no ip route 0.0.0.0 0.0.0.0 192.168.0.1 254
%No matching route to delete
03-12-2012 03:15 PM
This route
route 0.0.0.0 0.0.0.0 192.168.0.1 254
was created automatically by DHCP
03-12-2012 03:33 PM
Hi,
I see now. So you are using NAT two times? So therefore the problem could be 1. NAT is not working correctly - which I doubt because it seems to be configured properly... or something next on the link is not correct. Would you be so kind and try to ping the IP default gateway 192.168.0.1 from the host with IP address 10.1.1.2? Immediately after that please do show ip nat translations. I forgot to mention that earlier, but if there are no active connections for some time, this command will have blank output.
Best regards,
Jan
03-12-2012 02:44 PM
But nothing, my station with IP 10.1.1.2 doesn't access the internet.
When I run sh ip nat translation in PuTTY, the CLI doesn't return anything.
03-12-2012 02:50 PM
Hi Luiz,
Can you please verify with the command sh ip route that the default route is installed in the routing table, and with the command show ip interface gigabitEthernet 0/0 verify the correct state and IP of the interface? Please, if you would be so kind, paste the output from these two commands also. Thank you!
sh ip route
show ip interface gigabitEthernet 0/0
Best regards,
Jan
03-12-2012 03:03 PM
sh ip route
Default gateway is 192.168.0.1
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
show ip interface gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 192.168.0.128/24
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are None
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
Output features: Post-routing NAT Outside, Stateful Inspection, NAT ALG proxy
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled