Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

a problem with NAT on a stick

This is a cisco 1721 router ,I configure it with NAT on a stick, the configuration is follow...

-------------------------------------------------------------------------------------------------

Building configuration...

Current configuration : 1258 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname aaa

!

boot-start-marker

boot-end-marker

!

enable secret xxxx

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

ip cef

!

!

!

no ip domain lookup

no ftp-server write-enable

!

!

!

!

interface Loopback0

ip address 10.0.1.1 255.255.255.252

ip nat outside

!

interface Ethernet0

ip address 192.168.66.88 255.255.255.0 secondary

ip address 10.0.0.2 255.255.255.0

ip nat inside

ip policy route-map nat-loop

half-duplex

!

interface FastEthernet0

no ip address

shutdown

speed auto

!

ip nat pool external 192.168.66.5 192.168.66.6 prefix-length 30

ip nat inside source list 10 pool external overload

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.66.66

no ip http server

!

access-list 10 permit 10.0.0.0 0.0.0.255

access-list 102 permit ip any 192.168.66.4 0.0.0.3

access-list 102 permit ip 10.0.0.0 0.0.0.255 any

access-list 177 permit icmp any any

access-list 177 permit icmp any any log

route-map nat-loop permit 10

match ip address 102

set ip next-hop 10.0.1.2

!

!

line con 0

line aux 0

line vty 0 4

password cisco

login

!

!

end

aaa#

Connection to host lost.

------------------------------------------

I can see some NAT translation entry :

aaa#show ip nat translations

Pro Inside global Inside local Outside local Outside global

udp 192.168.66.6:1214 10.0.0.112:1214 202.96.128.68:53 202.96.128.68:53

udp 192.168.66.6:1214 10.0.0.112:1214 202.96.128.143:53 202.96.128.143:53

icmp 192.168.66.6:768 10.0.0.112:768 202.96.128.143:768 202.96.128.143:768

udp 192.168.66.6:3 10.0.0.112:138 10.0.0.255:138 10.0.0.255:138

aaa#

------------------------------------------

But on my PC (10.0.0.112) can't connection the internet, can't ping the internet, Why ???

If my router's configuration is wrong , please tell me ,thanks

I configure the above is according the cisco's article,

http://www.cisco.com/en/US/tech/ ... 86a0080094430.shtml

4 REPLIES
New Member

Re: a problem with NAT on a stick

My debug output:

-------------------------------------

User Access Verification

Password:

aaa>en

Password:

aaa#show

aaa#de

aaa#deb

aaa#debug ip pac

aaa#debug ip packet

IP packet debugging is on

aaa#ter

aaa#terminal mi

aaa#terminal min

aaa#terminal mino

aaa#terminal m

aaa#terminal moo

aaa#terminal mo

aaa#terminal mon

aaa#terminal monitor

aaa#

*Mar 1 00:31:45.999: IP: s=10.0.0.2 (local), d=10.0.0.5 (Ethernet0), len 63, se

nding

*Mar 1 00:31:46.143: IP: tableid=0, s=10.0.0.5 (Ethernet0), d=10.0.0.2 (Etherne

t0), routed via RIB

*Mar 1 00:31:46.143: IP: s=10.0.0.5 (Ethernet0), d=10.0.0.2 (Ethernet0), len 40

, rcvd 3

*Mar 1 00:31:46.239: IP: tableid=0, s=10.0.0.5 (Ethernet0), d=10.255.255.255 (E

thernet0), routed via FIB

*Mar 1 00:31:46.239: IP: tableid=0, s=10.0.0.5 (Ethernet0), d=10.0.0.2 (Etherne

t0), routed via RIB

*Mar 1 00:31:46.243: IP: s=10.0.0.5 (Ethernet0), d=10.0.0.2 (Ethernet0), len 42

, rcvd 3

*Mar 1 00:31:46.243: IP: tableid=0, s=10.0.0.2 (local), d=10.0.0.5 (Ethernet0),

routed via FIB

*Mar 1 00:31:46.243: IP: s=10.0.0.2 (local), d=10.0.0.5 (Ethernet0), len 42, se

nding

*Mar 1 00:31:46.259: IP: tableid=0, s=10.0.0.2 (local), d=10.0.0.5 (Ethernet0),

routed via FIB

*Mar 1 00:31:46.579: IP: tableid=0, s=192.168.66.154 (Ethernet0), d=192.168.66.

255 (Ethernet0), routed via RIB

*Mar 1 00:31:46.579: IP: s=192.168.66.154 (Ethernet0), d=192.168.66.255 (Ethern

et0), len 202, rcvd 3

*Mar 1 00:31:46.579: IP: tableid=0, s=192.168.66.154 (Ethernet0), d=192.168.66.

255 (Ethernet0), routed via RIB

*Mar 1 00:31:46.579: IP: s=192.168.66.154 (Ethernet0), d=192.168.66.255 (Ethern

et0), len 78, rcvd 3

*Mar 1 00:31:47.095: IP: tableid=0, s=10.0.0.2 (local), d=10.0.0.5 (Ethernet0),

routed via FIB

*Mar 1 00:31:47.099: IP: tableid=0, s=10.0.0.2 (local), d=10.0.0.5 (Ethernet0),

routed via FIB

*Mar 1 00:31:47.327: IP: tableid=0, s=192.168.66.154 (Ethernet0), d=192.168.66.

255 (Ethernet0), routed via RIB

*Mar 1 00:31:47.327: IP: s=192.168.66.154 (Ethernet0), d=192.168.66.255 (Ethern

et0), len 78, rcvd 3

*Mar 1 00:31:47.863: IP: s=192.168.66.6 (Ethernet0), d=202.96.128.143 (Loopback

0), g=10.0.1.2, len 70, forward

*Mar 1 00:31:47.863: IP: s=192.168.66.6 (Ethernet0), d=202.96.128.68 (Loopback0

), g=10.0.1.2, len 70, forward

*Mar 1 00:31:47.863: IP: tableid=0, s=192.168.66.6 (Loopback0), d=202.96.128.14

3 (Ethernet0), routed via FIB

*Mar 1 00:31:47.867: IP: s=192.168.66.6 (Loopback0), d=202.96.128.143 (Ethernet

0), g=192.168.66.66, len 70, forward

*Mar 1 00:31:47.867: IP: tableid=0, s=192.168.66.6 (Loopback0), d=202.96.128.68

(Ethernet0), routed via FIB

*Mar 1 00:31:47.867: IP: s=192.168.66.6 (Loopback0), d=202.96.128.68 (Ethernet0

), g=192.168.66.66, len 70, forward

Purple

Re: a problem with NAT on a stick

Hi,

Out of curiosity, is there another box that you are connecting to that is NAT'ing the 192.168.x.x addresses to public addresses ? If not, the problem could be that the internet destinations you are going to cannot route back to you since your addresses are from the private address range.

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: a problem with NAT on a stick

oh,sorry, I donn't say it clearly,I make the configuration in my intranet ,

the topology is show below:

my pc--->switch-->firewall -->router----->internet

|

|

teset router

the above configuration is on the test router, That firewall left is private IP address ,right is public IP address .

New Member

Re: a problem with NAT on a stick

sorry,the topology above is a bit wrong ,my pc and the test router is all connected to the internal switch ,,,

hehe

thank you !!!

144
Views
0
Helpful
4
Replies
CreatePlease to create content