
Easy NAT configuration question

sp2960655
Level 1

I am trying to enable NAT on my 3640, but something is wrong with my configuration. I have a basic static NAT translation with an internal host of 192.168.0.10. The inside router interface is 192.168.0.1. The outside interface is 64.171.42.211 and the gateway is 64.171.42.209. A static route exists to 64.171.42.209. However, NAT is not working because my host, which is at 192.168.0.10, can ping 192.168.0.1, but that is it. Any ideas?

Current configuration : 1084 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Cisco

!

!

ip subnet-zero

!

!

ip name-server 206.13.28.12

!

ip audit notify log

ip audit po max-events 100

!

!

!

!

!

!

!

!

fax interface-type fax-mail

mta receive maximum-recipients 0

!

!

!

!

interface Ethernet2/0

description Intranet

ip address 192.168.0.1 255.255.255.0

ip nat inside

half-duplex

no mop enabled

!

interface Ethernet2/1

description Internet

ip address 64.171.42.211 255.255.255.248

ip nat outside

half-duplex

!

interface Ethernet3/0

no ip address

shutdown

half-duplex

!

interface Ethernet3/1

no ip address

shutdown

half-duplex

!

ip nat inside source static 192.168.0.1 64.171.42.211

ip classless

ip route 0.0.0.0 0.0.0.0 64.171.42.209

ip http server

ip pim bidir-enable

!

!

!

!

call rsvp-sync

!

!

mgcp profile default

!

dial-peer cor custom

!

!

!

!

!

line con 0

exec-timeout 0 0

password Cisco

logging synchronous

login

line aux 0

line vty 0 4

password Cisco

login

!

!

end

5 Replies

ali-franks
Level 1

Remove:

ip nat inside source static 192.168.0.1 64.171.42.211

Add:

ip nat inside source list 1 interface Ethernet2/1 overload

access-list 1 permit 192.168.0.0 0.0.0.255

That'll do the trick

Ali

Never mind, I got it now, thanks.

a.manosca
Level 4

Hi, your objective is not quite clear, but here is some info:

It is normal that the host (192.168.0.10) is able to ping the Ethernet2/0's ip add because they are on the same segment, and no translation should happen because the packet will not be 'switched' to Ethernet2/1.

However, if you want to use Ethernet2/1's public ip add (64.171.42.211) as your host's outside ip add, you can try the following config:

access-list 1 permit host 192.168.0.1

access-list 1 permit host 192.168.0.10

ip nat inside source list 1 interface Ethernet2/1 overload

(The above config allows only Eth2/0 and the host to be translated using Eth2/1's ip add.)

(Remove the "ip nat inside source static 192.168.0.1 64.171.42.211".)

So I guess what you want to achieve is for the host (192.168.0.10) to be able to access the outside (or the internet) using the ip address 64.171.42.211.

Hope this helps.

I want the host at 192.168.0.10 to be able to get on the Internet. So far, the IP NAT TRANSLATIONS shows nothing. The 192.168.0.10 Microsoft Windows XP-based host can ping 192.168.0.1 (the host gateway and DNS server is defined as 192.168.0.1). The 192.168.0.10 host is connected to a Cisco 2924XL switch (it also has an inside address but for management purposes), which is then connected to the router.

A static default route goes to 64.171.42.209, which is the ISP gateway.

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Cisco

!

enable secret 5 $1$3rNz$QK9.t4zOpmVzIKXNKxBQ9.

!

ip subnet-zero

!

!

ip name-server 206.13.28.12

!

ip audit notify log

ip audit po max-events 100

!

!

!

!

!

!

!

!

fax interface-type fax-mail

mta receive maximum-recipients 0

!

!

!

!

interface Ethernet2/0

description Intranet

ip address 192.168.0.1 255.255.255.0

ip nat inside

half-duplex

no mop enabled

!

interface Ethernet2/1

description Internet

ip address 64.171.42.211 255.255.255.248

ip nat outside

half-duplex

!

interface Ethernet3/0

no ip address

shutdown

half-duplex

!

interface Ethernet3/1

no ip address

shutdown

half-duplex

!

ip nat inside source list 1 interface Ethernet2/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 64.171.42.209

ip http server

ip pim bidir-enable

!

!

access-list 1 permit 192.168.0.10

access-list 1 permit 192.168.0.1

!

!

call rsvp-sync

!

!

mgcp profile default

!

dial-peer cor custom

!

!

!

!

!

line con 0

exec-timeout 0 0

password Cisco

logging synchronous

login

line aux 0

line vty 0 4

password Cisco

login

!

!

end

Got it now, thanks anyway.
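The problem in the first posted config and the effect of the replies' suggestions can be checked mechanically. The Python sketch below is an added example, not part of any post in this thread: it reads the NAT-relevant lines of an IOS-style config and reports why a given inside host would not be translated. The names `nat_findings`, `BROKEN` and `FIXED` are made up for this example, the sample configs are excerpts of the ones posted above, and only the statement forms that appear in the thread are parsed.

```python
import ipaddress
import re

# Excerpt of the router config posted in the thread (NAT-relevant lines only).
BROKEN = """\
interface Ethernet2/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
interface Ethernet2/1
 ip address 64.171.42.211 255.255.255.248
 ip nat outside
ip nat inside source static 192.168.0.1 64.171.42.211
"""
# Same excerpt with the change suggested in the first reply.
FIXED = BROKEN.replace(
    "ip nat inside source static 192.168.0.1 64.171.42.211",
    "ip nat inside source list 1 interface Ethernet2/1 overload\n"
    "access-list 1 permit 192.168.0.0 0.0.0.255")

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def nat_findings(config, host):
    """List the NAT problems that keep inside `host` from being translated."""
    ips, roles, statics, dynamics, acls, cur = {}, {}, [], [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = m[1]
        elif m := re.match(r"ip address (\S+) \S+", line):
            ips[cur] = m[1]
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[cur] = m[1]
        elif m := re.match(r"ip nat inside source static (\S+) (\S+)", line):
            statics.append(m.groups())
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            dynamics.append(m.groups())
        elif m := re.match(r"access-list (\d+) permit (?:host )?(\S+)(?: (\S+))?", line):
            acls.setdefault(m[1], []).append((_ip(m[2]), _ip(m[3] or "0.0.0.0")))
    out = [f"static NAT translates the router's own address {local}"
           for local, _ in statics if local in ips.values()]
    covered = any(local == host for local, _ in statics)
    for acl, iface in dynamics:
        if roles.get(iface) != "outside":
            out.append(f"{iface} is not an 'ip nat outside' interface")
        for addr, wild in acls.get(acl, []):  # standard ACL wildcard match
            covered |= ((_ip(host) ^ addr) & ~wild & 0xFFFFFFFF) == 0
    if not covered:
        out.append(f"no NAT rule covers inside host {host}")
    return out
```

Run against `BROKEN` for host 192.168.0.10 it reports both the static entry on the router's own address and the missing rule for the host; against `FIXED` it reports nothing.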