NAT Problems

rbennett

I have a Cisco 2620 with one ethernet e0. I have a public address 65.217.x.x assigned to it and a private secondary address of 192.168.47.1. I need to use NAT on the inside private LAN for client PCs to access the internet.

What I have done so far:

interface ethernet 0

ip address 192.168.47.1 255.255.255.0 secondary

ip nat inside

!

interface serial 0

ip address 65.217.x.x 255.255.255.248

ip nat outside

!

ip nat pool no-overload 65.217.x.x-65.217.x.x prefix 24

ip nat inside source list 7 pool no-overload

access-list 7 permit 192.168.0.0 0.0.0.255

Clients assigned private 192.168.47.x not accessing internet.

Any suggestions?

9 Replies

MickPhelps

Check your mask on the access-list.

Should probably read:

access-list 7 permit 192.168.47.1 0.0.0.255

or

access-list 7 permit 192.168.0.0 0.0.255.255

Mick.
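
The wildcard-mask point in the reply above, as an added example that is not part of the original thread: it evaluates the original access-list 7 entry and the two suggested replacements against a client on the 192.168.47.x LAN. The client address 192.168.47.10 and the function names are constructed for illustration.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def entry_matches(addr, wildcard, host):
    """IOS wildcard semantics: a 0 bit in the wildcard must match,
    a 1 bit is ignored (the inverse of a subnet mask)."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(host) & care)

def evaluate(acl, host):
    """First matching entry wins; no match falls through to the
    implicit deny at the end of every access list."""
    for action, addr, wildcard in acl:
        if entry_matches(addr, wildcard, host):
            return action
    return "deny"

# Entries as posted in the thread.
ORIGINAL = [("permit", "192.168.0.0", "0.0.0.255")]
FIX_A = [("permit", "192.168.47.1", "0.0.0.255")]
FIX_B = [("permit", "192.168.0.0", "0.0.255.255")]

CLIENT = "192.168.47.10"  # constructed sample client on the inside LAN

def report(host=CLIENT):
    """Verdict of each candidate list for one inside host."""
    lists = (("original", ORIGINAL), ("fix_a", FIX_A), ("fix_b", FIX_B))
    return {name: evaluate(acl, host) for name, acl in lists}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:9s} {CLIENT}: {verdict}")
```

When the list is referenced by `ip nat inside source list 7`, a "deny" verdict means the packet is simply not translated, so the original entry leaves every 192.168.47.x client without NAT.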

That did not do it. I must be missing something.

Do I need a specific default route set on the router or something?

Is this your entire config? I thought it was just trimmed down.

Yes.

You need to have a statement like:

ip route 0.0.0.0 0.0.0.0 serial0

Are you using Frame, PPP, or HDLC on your serial connection? It's an odd mask for anything but frame.

Can you ping from the router to the internet?

Mick.

Frame just for internet access

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C 192.168.47.0/24 is directly connected, FastE

65.0.0.0/29 is subnetted, 1 subnets

C 65.217.209.40 is directly connected, Fast

S* 0.0.0.0/0 is directly connected, Serial0/0.1

One thing I noticed is when I show ip interface I do not see access-list 7 defined anywhere.

Yes, I can ping the router from the internet. The public addresses work fine.

Why are you using the public address on the ethernet interface? It should be private address.

There isn't enough information in the config to help much more. I would guess that the problem lies with your NAT pool. Are ALL of the IPs in the range unused (except for NAT)? Are you POSITIVE that your ISP is forwarding the entire range to you?

You can try to:

disable NAT and use one of the NAT IP addresses on your ethernet interface.

Ping that interface from the Net.

Use PAT (overload on serial0.1)

Verify that the IP range you're using isn't the same as your serial interface's.

One of these should work... If you can't even use PAT, you have a more basic problem.

Mick.

Mick,

It seems to be working now. Although the web pages are not coming up real fast. Downloading a file is great.

I have the NAT pool set to one address; should I change that to multiple addresses?

Also, how do I update the router to save the config?

It seems like it loses it when the power is shut off to the router.

Yes. Unless you're using the "overload" statement on NAT, you need more than one IP address in your pool. Preferably for as many inside users as will access the network. If you only have one, it will work for the first person, then fail for everyone else until it times out.

To save your config, use one of the following commands (they all do the same thing):

write memory

wr mem

copy running-config startup-config

copy run start

Mick.

You have been a big help.

Thanks.
