×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Easy NAT configuration question

Unanswered Question
Jan 22nd, 2003
User Badges:

I am trying to enable NAT on my 3640, but something is wrong with my configuration. I have a basic static NAT translation with an internal host of 192.168.0.10. The inside router interface is 192.168.0.1. The outside interface is 64.171.42.211 and the gateway is 64.171.42.209. A static route exists to 64.171.42.209. However, NAT is not working because my host which is at 192.168.0.10 can ping 192.168.0.1, but that is it.. Any ideas?

Current configuration : 1084 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Cisco

!

!

ip subnet-zero

!

!

ip name-server 206.13.28.12

!

ip audit notify log

ip audit po max-events 100

!

!

!

!

!

!

!

!

fax interface-type fax-mail

mta receive maximum-recipients 0

!

!

!

!

interface Ethernet2/0

description Intranet

ip address 192.168.0.1 255.255.255.0

ip nat inside

half-duplex

no mop enabled

!

interface Ethernet2/1

description Internet

ip address 64.171.42.211 255.255.255.248

ip nat outside

half-duplex

!

interface Ethernet3/0

no ip address

shutdown

half-duplex

!

interface Ethernet3/1

no ip address

shutdown

half-duplex

!

ip nat inside source static 192.168.0.1 64.171.42.211

ip classless

ip route 0.0.0.0 0.0.0.0 64.171.42.209

ip http server

ip pim bidir-enable

!

!

!

!

call rsvp-sync

!

!

mgcp profile default

!

dial-peer cor custom

!

!

!

!

!

line con 0

exec-timeout 0 0

password Cisco

logging synchronous

login

line aux 0

line vty 0 4

password Cisco

login

!

!

end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
ali-franks Wed, 01/22/2003 - 01:52
User Badges:

Remove:


ip nat inside source static 192.168.0.1 64.171.42.211


Add


ip nat inside source list 1 interface Ethernet2/1 overload

access-list 1 permit 192.168.0.0 0.0.0.255


That'll do the trick


Ali

a.manosca Wed, 01/22/2003 - 01:59
User Badges:
  • Bronze, 100 points or more

Hi, your objective is not quite clear but here are some info:


It is normal that the host (192.168.0.10) is able to ping

the Ethernet2/0's ip add because they are on the same segment

and no translation should happen because the packet will not

be 'switched' to Ethernet2/1.


However, if you want to use Ethernet2/1's public ip add (64.171.42.211)

as your host's outside ip add, you can try the following config:


access-list 1 permit host 192.168.0.1

access-list 1 permit host 192.168.0.10


ip nat inside source list 1 interface Ethernet2/1 overload


(The above config allows only Eth2/0 and the host to be

translated using Eth2/1's ip add)

(remove the "ip nat inside source static 192.168.0.1 64.171.42.211" )


So I guess what you want to achieve is for the host (192.168.0.10)

to be able to access the outside (or the internet) using the

ip address 64.171.42.211.


Hope this helps.

sp2960655 Wed, 01/22/2003 - 08:10
User Badges:

I want the host at 192.168.0.10 to be able to get on the Internet. So far, the IP NAT TRANSLATIONS shows nothing. The 192.168.0.10 MIcrosoft Windows XP-based host can ping 192.168.0.1 (the host gateway and DNS server is defined as 192.168.0.1). The 192.168.0.10 host is connected to a Cisco 2924XL switch (it also has an inside address but for management purposes), which is then connected to the router.


A static default route goes to 64.171.42.209, which is the ISP gateway.


version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Cisco

!

enable secret 5 $1$3rNz$QK9.t4zOpmVzIKXNKxBQ9.

!

ip subnet-zero

!

!

ip name-server 206.13.28.12

!

ip audit notify log

ip audit po max-events 100

!

!

!

!

!

!

!

!

fax interface-type fax-mail

mta receive maximum-recipients 0

!

!

!

!

interface Ethernet2/0

description Intranet

ip address 192.168.0.1 255.255.255.0

ip nat inside

half-duplex

no mop enabled

!

interface Ethernet2/1

description Internet

ip address 64.171.42.211 255.255.255.248

ip nat outside

half-duplex

!

interface Ethernet3/0

no ip address

shutdown

half-duplex

!

interface Ethernet3/1

no ip address

shutdown

half-duplex

!

ip nat inside source list 1 interface Ethernet2/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 64.171.42.209

ip http server

ip pim bidir-enable

!

!

access-list 1 permit 192.168.0.10

access-list 1 permit 192.168.0.1

!

!

call rsvp-sync

!

!

mgcp profile default

!

dial-peer cor custom

!

!

!

!

!

line con 0

exec-timeout 0 0

password Cisco

logging synchronous

login

line aux 0

line vty 0 4

password Cisco

login

!

!

end

Actions

This Discussion