Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Help with NAT

Hi All,

 

need help with nat setup, so my setup is as follows (just on packet tracer), i have 4 routers which can be seen below , R1, R2, R3 and the Gateway 1.1.1.1 which is supposed to be my isp. so will refer to it as ISP.

If i ignore R2, and concentrate on R1 setup. 

R1 has two interfaces, one connects to 192.168.1.0/23 network with ip 192.168.1.1 which goes to the switch and then has another interface which is on a

10.10.10.0/30 subnet with IP 10.10.10.6

R3 also has two interfaces, again 10.10.10.0/30 with ip 10.10.10.5 , communication between R1 and R3 is fine

R3 other interface is on a serial connection with network 1.1.1.0/30 and ip 1.1.1.2 , which connects to the ISP router 

ISP router only has one interface subnet 1.1.1.0/30 , ip 1.1.1.1

R3 and the ISP can ping between each other, but R1 cannot ping the ISP

I added a route to the isp for the 10.10.10.0/24 network to go to 1.1.1.2 and then pings worked fine.

But in real world this would not happen, i want to simulate NAT so that when i ping from R1 , it hits its default gateway which is R3 , then R3 NATs the traffic out on its 1.1.1.2 address, then NATs it back on the incoming to the 10.10.10.0/24 network?

I've tried various things and read a fair few articles but still not getting anywhere

R3 and ISP are connected both on serial2/0

R1 and R3 are conencted via R3 fastEthernet1/0 and R1 Gigabitethernet0/2

R1 does have the route 0.0.0.0 0.0.0.0 10.10.10.5 in its config and R3 has same except routes to 1.1.1.1

can someone please explain the commands i would need to put into all the routers to get NAT working correctly?

 

 

Configs are below incase anyone wants a flick through, and thank you for taking the time to read and reply.

 

R1 config

 

Current configuration : 858 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

service password-encryption

!

hostname Router

!

!

!

enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

!

!

!

!

ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO2911/K9 sn FTX1524R5SC

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface GigabitEthernet0/2

ip address 10.10.10.6 255.255.255.252

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.10.5

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

password 7 0822455D0A16

logging synchronous

!

line aux 0

!

line vty 0 4

login

!

!

!

end

 

 

R3 config

 


Current configuration : 957 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.10.10.5 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 1.1.1.2 255.255.255.252
 ip nat inside
 clock rate 2000000
!
interface Serial3/0
 no ip address
 clock rate 2000000
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.1 
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 password 7 0822455D0A16
 logging synchronous
 login
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

 

 

ISP Router config

 

Current configuration : 996 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

service password-encryption

!

hostname Router

!

!

!

enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

!

!

!

!

ip cef

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

shutdown

!

interface FastEthernet1/0

no ip address

duplex auto

speed auto

shutdown

!

interface Serial2/0

ip address 1.1.1.1 255.255.255.252

!

interface Serial3/0

no ip address

shutdown

!

interface FastEthernet4/0

no ip address

shutdown

!

interface FastEthernet5/0

no ip address

shutdown

!

interface Serial6/0

no ip address

shutdown

!

interface Serial7/0

no ip address

shutdown

!

interface Serial8/0

no ip address

shutdown

!

interface Serial9/0

no ip address

shutdown

!

ip classless

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

password 7 0822455D0A16

logging synchronous

login

!

line aux 0

!

line vty 0 4

login

!

!

!

end

 

 

 

 

Everyone's tags (2)
1 REPLY
Community Member

Hi Gusy, i managed to get

Hi Gusy,

 

i managed to get this working creating a nat pool and an access list, then put the ip nat outside on serial2/0

 

and ip ant inside on the two fast ethernet ports

access-list was setup to accept all from 10.10.10.0 0.0.0.255

and pool was just on the one ip 1.1.1.2

 

But since putting this in, all is working!

42
Views
0
Helpful
1
Replies
CreatePlease to create content