Re: Nat on Cisco 1841

stemond79 · ‎09-21-2010

Hi Forums,

i am new on the CISCO IOS.. I am configuring my cisco 1841 with hwic-1t serial port but i have problems with nat for my LAN.

The router "pings" all IP addresses but all LAN doesn't navigate. Where is my mistake ?

interface Loopback0
description IP pubblico router
bandwidth 1536
ip address xxxxx 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet0/1
description lan Sacerno$ES_LAN$
ip address 192.168.126.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable

interface Serial0/0/0
description HDSL TELECOM SERIAL INTERFACE
no ip address
no ip proxy-arp
encapsulation frame-relay IETF
no ip route-cache cef
no ip route-cache
no ip mroute-cache
no fair-queue
frame-relay lmi-type cisco
!
interface Serial0/0/0.1 point-to-point
description SubInterfaccia HDSL TELECOM
ip address xxxxxxx 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
no ip mroute-cache
snmp trap link-status
no cdp enable
frame-relay interface-dlci xxx IETF
!

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1

!
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 110 interface Loopback0 overload
ip nat inside source static tcp 192.168.126.4 80 xxxxxxxx 80 extendable
!
access-list 23 permit 0.0.0.49 255.255.255.0
access-list 23 permit 0.0.0.48 255.255.255.0

access-list 110 permit ip 192.168.126.0 0.0.0.255 any

thanks to all

Stefano

Jon Marshall · ‎09-21-2010

Stefano

Why are you natting on the loopback interface ie. "ip nat outside", why not on the serial0/0/0.1 ?

Jon

stemond79 · ‎09-21-2010

Jon,

i want to Nat on LoopBack interface because loopback has Router IP public

Serial0/0/0.1 has PointToPoint IP public.

i want to address my LAN on Internet with Router IP not PointToPoint IP.

Jon Marshall · ‎09-21-2010

Trouble is the packets are not routed via the loopback address ie. they come from your LAN then go straight out of the serial interface so the NAT is never applied. Try this config instead -

1) remove loopback

2) add this to your router -

int s0/0/0.1

ip nat outside

ip nat pool NPOOL 217.10.10.1 217.10.10.1 netmask 255.255.255.252 <-- where 217.10.10.1 should be replaced with your current loopback address

ip nat inside source list 110 pool NPOOL overload

Jon

stemond79 · ‎10-11-2010

ok Jon, thanks!

I tried your solutions and works!

The clients go to internet with IP router but i want to assign the same public IP address to Router .

I modify my configuration as

interface Serial0/0/0.1 point-to-point
description SubInterfaccia HDSL TELECOM
ip address 88.35.89.XX 255.255.255.252 secondary (public PointTOPoint)
ip address 88.38.192.XXX 255.255.255.248 (my public IP)
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip route-cache
no ip mroute-cache
snmp trap link-status
no cdp enable
frame-relay interface-dlci 146 IETF
!

ip nat pool NPOOL 88.38.192.XXX 88.38.192.XXX netmask 255.255.255.248 (a)
ip nat inside source static tcp 192.168.126.4 80 88.38.192.XXX 80 extendable (b)

Why rule (b) doesn't work ?

the rule (a) has precedence by rule (b) ??