NAT works on local segment only

Unanswered Question
Nov 8th, 2003
User Badges:

While trying to set up nat i ran into a problem here is it.


Cisco 2621 with two T1 WICs s0/0 and s0/1

with a default route to each serial interface


my config before was

s0/0=65.81.249.86/30 next hop=65.81.249.85

s0/1=65.81.249.90/30 next hop=65.81.249.89

fa0/0=65.172.227.1/24


a client connected directly to fa0/0 via crossover with this ip x.x.227.2/24 can reach the internet


then i started to setup NAT




rrg-router#show run

Building configuration...


Current configuration : 1122 bytes

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname rrg-router

!

!

no ip subnet-zero

!

!

no ip domain lookup

!

!

!

!

!

interface FastEthernet0/0

ip address 172.18.1.1 255.255.255.0

ip nat inside

no ip route-cache

no ip mroute-cache

speed 100

full-duplex

!

interface Serial0/0

ip address x.x.x.86 255.255.255.252

ip nat outside

no ip route-cache

no ip mroute-cache

load-interval 30

service-module t1 timeslots 1-24

!

interface FastEthernet0/1

ip address x.x.x.1 255.255.255.0

no ip route-cache

no ip mroute-cache

shutdown

speed 100

full-duplex

!

interface Serial0/1

ip address x.x.x.90 255.255.255.252

no ip redirects

no ip route-cache

no ip mroute-cache

load-interval 30

shutdown

service-module t1 timeslots 1-24

!

ip default-gateway 160.81.249.85

ip nat inside source list 1 interface Serial0/0 overload

no ip http server

no ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

!

!

access-list 1 permit any

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

password xxxx

login

!

!

!

end




rrg-router#show ip nat trans

Pro Inside global Inside local Outside local Outside global

icmp x.x.249.86:80 x.x.249.86:80 68.146.82.201:3760 68.146.82.201:3760

icmp x.x.249.86:53 x.x.249.86:53 65.125.153.9:43974 65.125.153.9:43974

icmp x.x.249.86:27316 x.x.249.86:27316 68.100.100.184:27316 68.100.100.184:27316

tcp 160.81.249.86:3891 172.18.1.2:3891 129.244.36.163:2254 129.244.36.163:2254

icmp 160.81.249.86:256 160.81.249.86:256 80.46.148.113:256 80.46.148.113:256

icmp 160.81.249.86:53 160.81.249.86:53 138.64.4.2:53 138.64.4.2:53

icmp 160.81.249.86:80 160.81.249.86:80 65.212.188.100:57381 65.212.188.100:57381

icmp 160.81.249.86:53 160.81.249.86:53 66.150.179.79:16534 66.150.179.79:16534

udp 160.81.249.86:1026 172.18.1.2:1026 204.117.214.10:53 204.117.214.10:53

icmp 160.81.249.86:80 160.81.249.86:80 65.212.188.100:57390 65.212.188.100:57390

icmp 160.81.249.86:80 160.81.249.86:80 65.212.188.100:57402 65.212.188.100:57402

icmp 160.81.249.86:80 160.81.249.86:80 65.212.188.100:57403 65.212.188.100:57403

icmp 160.81.249.86:53 160.81.249.86:53 65.126.181.101:61380 65.126.181.101:61380

icmp 160.81.249.86:80 160.81.249.86:80 65.212.188.100:57455 65.212.188.100:57455



rrg-router#show ip nat sta

Total active translations: 55 (0 static, 55 dynamic; 55 extended)

Outside interfaces:

Serial0/0

Inside interfaces:

FastEthernet0/0

Hits: 2436 Misses: 1466

Expired translations: 1307

Dynamic mappings:

-- Inside Source

[Id: 6] access-list 1 interface Serial0/0 refcount 55




it breaks. i can't reach the internet, ping or http. any suggestions? is there a way you can overload both serial interfaces?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
m.matteson Sat, 11/08/2003 - 16:45
User Badges:

resolved. the problem was that sprint was passing packets from the 65.x.x.x and not from 160.x.x.x i overloaded to a nat pool and it works fine.

Actions

This Discussion