Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 1711: Cannot get NAT to work

I have a Cisco 1711 which I am tyring to configure as a small-office router. It will assign DHCP addresses to computers on the LAN and provide them internet access. Router receives an IP from the ISP modem and router can ping hosts on the internet. PC sitting on the LAN behind the router are receiving DHCP from the router but are not able to access internet. Any help is appreciated.

!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool SPODIGIBBUSERS
   network 10.50.50.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 10.50.50.1
   lease 7
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
ip address 10.50.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit any log
!
!
!
!
line con 0
line 1
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
login
!

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Cisco 1711: Cannot get NAT to work

Can you just try something -

change the access-list 1 to be -

access-list 101 permit ip 10.50.50.0 0.0.0.255 any

ip nat inside source list 101 interface fa0 overload

and retest.

Jon

8 REPLIES
Hall of Fame Super Blue

Re: Cisco 1711: Cannot get NAT to work

Can you try to connect from a client and then post output from router of -

1) "sh ip nat translations"

2) "sh ip route"

Have you tried pinging an ip address on the internet as opposed to a name ?

Jon

New Member

Re: Cisco 1711: Cannot get NAT to work

From the router I am successfully pinging internet hosts, i am able to also telnet to google.com on port 80 and it is resolving correctly.

VIP Super Bronze

Re: Cisco 1711: Cannot get NAT to work

In addition to Jon's comment, I don't see a default route pointing to your outside interface or the IP address of the outside interface.

ip route 0.0.0.0 0.0.0.0 interface FastEthernet0

HTH

Reza

Hall of Fame Super Blue

Re: Cisco 1711: Cannot get NAT to work

sharifimr wrote:

In addition to Jon's comment, I don't see a default route pointing to your outside interface or the IP address of the outside interface.

ip route 0.0.0.0 0.0.0.0 interface FastEthernet0

HTH

Reza

Hi Reza

I saw that too but he said he could ping from the router to the internet so i figured the DHCP on the outside interface was supplying the route ? Not sure though.

Jon

New Member

Re: Cisco 1711: Cannot get NAT to work

that is correct - DHCP on the Fa0 (outside) interface is supplying a default route.

The nat translations does nto show any output when i ping from the laptop. when i ping from the router NAT table shows as below. I changed the

Pro Inside global      Inside local       Outside local      Outside global
icmp RTR_F0:23   10.50.50.1:23      4.2.2.2:23         4.2.2.2:23
icmp RTR_F0:24   10.50.50.1:24      8.8.8.8:24         8.8.8.8:24
udp RTR_F0:68    RTR_F0:68    10.0.0.1:67        10.0.0.1:67

show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is DEF-RTR to network 0.0.0.0

     x.x.x.x/24 is subnetted, 1 subnets
C       x.x.x.x is directly connected, FastEthernet0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.50.50.0/24 is directly connected, Vlan1
S       10.0.0.1/32 [254/0] via DEF-RTR, FastEthernet0
                    [254/0] via DEF-RTR
S*   0.0.0.0/0 [254/0] via DEF-RTR

Hall of Fame Super Blue

Re: Cisco 1711: Cannot get NAT to work

Can you just try something -

change the access-list 1 to be -

access-list 101 permit ip 10.50.50.0 0.0.0.255 any

ip nat inside source list 101 interface fa0 overload

and retest.

Jon

New Member

Re: Cisco 1711: Cannot get NAT to work

oh wow, that worked. i just changed and re-tested and it works like a charm.

if you are ever in the NYC area i will be getting you a few beers

Hall of Fame Super Blue

Re: Cisco 1711: Cannot get NAT to work

No problem, glad to have helped.

Jon

1138
Views
0
Helpful
8
Replies
CreatePlease to create content