01-22-2003 12:24 AM - edited 03-02-2019 04:24 AM
I am trying to enable NAT on my 3640, but something is wrong with my configuration. I have a basic static NAT translation with an internal host of 192.168.0.10. The inside router interface is 192.168.0.1. The outside interface is 64.171.42.211 and the gateway is 64.171.42.209. A static route exists to 64.171.42.209. However, NAT is not working because my host which is at 192.168.0.10 can ping 192.168.0.1, but that is it. Any ideas?
Current configuration : 1084 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco
!
!
ip subnet-zero
!
!
ip name-server 206.13.28.12
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface Ethernet2/0
description Intranet
ip address 192.168.0.1 255.255.255.0
ip nat inside
half-duplex
no mop enabled
!
interface Ethernet2/1
description Internet
ip address 64.171.42.211 255.255.255.248
ip nat outside
half-duplex
!
interface Ethernet3/0
no ip address
shutdown
half-duplex
!
interface Ethernet3/1
no ip address
shutdown
half-duplex
!
ip nat inside source static 192.168.0.1 64.171.42.211
ip classless
ip route 0.0.0.0 0.0.0.0 64.171.42.209
ip http server
ip pim bidir-enable
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
password Cisco
logging synchronous
login
line aux 0
line vty 0 4
password Cisco
login
!
!
end
01-22-2003 01:52 AM
Remove:
ip nat inside source static 192.168.0.1 64.171.42.211
Add
ip nat inside source list 1 interface Ethernet2/1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
That'll do the trick
Ali
01-22-2003 01:09 PM
Never mind, I got it now, thanks.
01-22-2003 01:59 AM
Hi, your objective is not quite clear but here is some info:
It is normal that the host (192.168.0.10) is able to ping
the Ethernet2/0's ip add because they are on the same segment
and no translation should happen because the packet will not
be 'switched' to Ethernet2/1.
However, if you want to use Ethernet2/1's public ip add (64.171.42.211)
as your host's outside ip add, you can try the following config:
access-list 1 permit host 192.168.0.1
access-list 1 permit host 192.168.0.10
ip nat inside source list 1 interface Ethernet2/1 overload
(The above config allows only Eth2/0 and the host to be
translated using Eth2/1's ip add)
(remove the "ip nat inside source static 192.168.0.1 64.171.42.211" )
So I guess what you want to achieve is for the host (192.168.0.10)
to be able to access the outside (or the internet) using the
ip address 64.171.42.211.
Hope this helps.
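Added example, not part of the original posts and not Cisco tooling: a small Python check that reads the NAT-relevant lines of an IOS configuration and reports which rule, if any, would translate traffic from a given inside host. The function names, the simplified parser (standard `permit` entries only) and the sample strings are assumptions constructed from the configurations posted in this thread.

```python
import ipaddress

# Constructed samples: NAT-relevant lines of the first config, then with the first reply's fix.
BROKEN = """interface Ethernet2/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
interface Ethernet2/1
ip address 64.171.42.211 255.255.255.248
ip nat outside
ip nat inside source static 192.168.0.1 64.171.42.211"""
FIXED = BROKEN.rsplit("\n", 1)[0] + """
ip nat inside source list 1 interface Ethernet2/1 overload
access-list 1 permit 192.168.0.0 0.0.0.255"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(cfg):
    """Return (inside interface IPs, static local->global, overload ACL ids, permit entries)."""
    inside, statics, lists, acls, cur_ip = set(), {}, [], {}, None
    for w in (line.split() for line in cfg.splitlines()):
        if w[:1] == ["interface"]:
            cur_ip = None
        elif w[:2] == ["ip", "address"] and len(w) == 4:
            cur_ip = ip(w[2])
        elif w == ["ip", "nat", "inside"] and cur_ip is not None:
            inside.add(cur_ip)
        elif w[:5] == ["ip", "nat", "inside", "source", "static"] and len(w) >= 7:
            statics[ip(w[5])] = w[6]
        elif w[:5] == ["ip", "nat", "inside", "source", "list"] and "overload" in w:
            lists.append(w[5])
        elif w[:1] == ["access-list"] and w[2:3] == ["permit"] and len(w) >= 4:
            a = [x for x in w[3:] if x != "host"]  # "permit host X" equals "permit X"
            entry = (0, 0xFFFFFFFF) if a[0] == "any" else (ip(a[0]), ip(a[1]) if len(a) > 1 else 0)
            acls.setdefault(w[1], []).append(entry)  # (address, wildcard); deny lines are ignored
    return inside, statics, lists, acls

def nat_for(cfg, host):  # name the rule that would translate `host`, or None if none does
    _, statics, lists, acls = parse(cfg)
    h = ip(host)
    if h in statics:
        return "static " + statics[h]
    for n in lists:
        if any(((h ^ addr) & ~wild & 0xFFFFFFFF) == 0 for addr, wild in acls.get(n, [])):
            return "overload list " + n
    return None

def self_mapped(cfg):  # static entries whose local address is the router's own inside IP
    inside, statics, _, _ = parse(cfg)
    return sorted(str(ipaddress.IPv4Address(a)) for a in statics if a in inside)
```

On the first configuration, `nat_for(BROKEN, "192.168.0.10")` finds no rule for the host and `self_mapped(BROKEN)` reports the static entry that maps the router's own interface address.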
01-22-2003 08:10 AM
I want the host at 192.168.0.10 to be able to get on the Internet. So far, the IP NAT TRANSLATIONS shows nothing. The 192.168.0.10 Microsoft Windows XP-based host can ping 192.168.0.1 (the host gateway and DNS server is defined as 192.168.0.1). The 192.168.0.10 host is connected to a Cisco 2924XL switch (it also has an inside address but for management purposes), which is then connected to the router.
A static default route goes to 64.171.42.209, which is the ISP gateway.
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco
!
enable secret 5 $1$3rNz$QK9.t4zOpmVzIKXNKxBQ9.
!
ip subnet-zero
!
!
ip name-server 206.13.28.12
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface Ethernet2/0
description Intranet
ip address 192.168.0.1 255.255.255.0
ip nat inside
half-duplex
no mop enabled
!
interface Ethernet2/1
description Internet
ip address 64.171.42.211 255.255.255.248
ip nat outside
half-duplex
!
interface Ethernet3/0
no ip address
shutdown
half-duplex
!
interface Ethernet3/1
no ip address
shutdown
half-duplex
!
ip nat inside source list 1 interface Ethernet2/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 64.171.42.209
ip http server
ip pim bidir-enable
!
!
access-list 1 permit 192.168.0.10
access-list 1 permit 192.168.0.1
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
password Cisco
logging synchronous
login
line aux 0
line vty 0 4
password Cisco
login
!
!
end
01-22-2003 01:10 PM
Got it now, thanks anyway.