Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT is not working on 2811

Hi,

I'm trying to configure a 2811 with IOS 15.1 for NATTING. I have searched and read a lot and I don't see what I'm doing wrong. If anyone could give me some advice or show me what I'm missing or doing wrong.

I have checked if my ACL is getting hit -> none

When I'm doing static 1-to-1 NATTING it works.

Thanks in advance.

Here is my config:

Current configuration : 1456 bytes

!

! Last configuration change at 09:21:22 UTC Fri Sep 27 2013

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname flgw-utrecht

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

dot11 syslog

ip source-route

!

!

ip cef

!

!

!

ip domain name xxxxxxxxxx

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

voice-card 0

!

crypto pki token default removal timeout 0

!

!

!

!

license udi pid CISCO2811 sn xxxxxxxxx

vtp domain xxxxxxx

vtp mode transparent

!

redundancy

!

!

!

!

!

!

!

!

!

!

interface Loopback0 - for testing purposes

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0 - LAN

ip address 192.168.40.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1 - INTERNET - My host can ping up to here

ip address xx.xx.xx.130 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex full

speed 100

!

!

router eigrp 1

network 192.168.0.0 0.0.255.255

network 192.168.40.1 0.0.0.0

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat inside source list 100 interface FastEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.129 - IP on provider router

!

access-list 100 permit ip 192.168.100.0 0.0.0.255 any log - My host subnet

!

!

!

!

!

!

control-plane

!

!

!

!

mgcp profile default

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

end

  • LAN Switching and Routing
Everyone's tags (1)
17 REPLIES

NAT is not working on 2811

hi,

kindly re-configure your NAT ACL:

access-list 100 permit ip 192.168.40.0 0.0.0.255 any log

New Member

NAT is not working on 2811

hi johnlloyd_13,

Thanks you for replying.

I changed this but it still did not work.

My host has the IP 192.168.100.2/24. I thought I have to allow this subnet. Because this is the source and this does not change right?

NAT is not working on 2811

Hmmmnnn... NAT config is correct after you modified the ACL 100.

Can you enter this commands on the router and post the output here.

ping 4.2.2.2 source f0/0

!

sh ip nat trans

Please rate replies and mark question as "answered" if applicable.

Please rate replies and mark question as "answered" if applicable.
New Member

NAT is not working on 2811

Hi rr_cuares,

My setup is currently not on the internet. So I cannot ping 4.2.2.2

I'm simulating the connection between my NAT router and my ISP router.

My NAT router can ping the ISP router, that's no problem because the NAT router is directly connected. My host cannot ping the ISP router with my current NAT config. Only when I configure static NAT 1-to-1 it works.

I can try to draw the situation if that helps.

NAT is not working on 2811

hi,

how many subnets are there over your LAN?

you should modify your LAN interface or add a secondary LAN IP.

interface fa0/0

ip address 192.168.100.1 255.255.255.0

access-list 100 permit ip 192.168.100.0 0.0.0.255 any log

New Member

NAT is not working on 2811

I have different SVI in my switch configure. I have just placed 1 host in a particular subnet which is the 192.168.100.0/24, the SVI has IP address 192.168.100.250, the host has IP 192.168.100.2. I have a static ip route 0.0.0.0 0.0.0.0 that points to 192.168.40.1 which is the NAT router IP address facing my switch. I have eigrp running between my NAT router and my switch, so my NAT router knows how to get back to my switch.

NAT is not working on 2811

could you post a network diagram or give a text diagram?

is your 2811 able to ping the switch SVIs?

also post your switch config and omit sensitive data.

NAT is not working on 2811

try to put the accesslist in this way and try whether NAT is happening

access-list 100 permit ip 192.168.0.0 0.0.255.255 any log

New Member

NAT is not working on 2811

I already tried this. I have even tried permit ip any any. That did not work either. The ACL is not hit.

427
Views
0
Helpful
17
Replies