01-25-2002 06:34 AM - edited 03-01-2019 08:13 PM
I have a cisco 2620 with one ethernet e0. I have a public address 65.217.x.x assigned to it and a private secondary address of 192.168.47.1. I need to use NAT on the inside private LAN for client pc's to access the internet.
I have do so far:
interface ethernet 0
ip address 192.168.47.1 255.255.255.0 secondary
ip nat inside
!
interface serial 0
ip address 65.217.x.x 255.255.255.248
ip nat outside
!
ip nat pool no-overload 65.217.x.x-65.217.x.x prefix 24
ip nat inside source list 7 pool no-overload
access-list 7 permit 192.168.0.0 0.0.0.255
Clients assigned private 192.168.47.x not accessing internet.
Any suggestions?
01-25-2002 06:46 AM
Check your mask on the access-list.
Should probably read:
access-list 7 permit 192.168.47.1 0.0.0.255
or
access-list 7 permit 192.168.0.0 0.0.255.255
Mick.
01-25-2002 07:00 AM
That did not do it. I must be missing something.
Do I need a specific default route set on the router or something?
01-25-2002 07:10 AM
Is this your entire config? I thought it was just trimmed down.
Yes.
You need to have a statement like:
ip route 0.0.0.0 0.0.0.0 serial0
Are you using Frame, PPP, or HDLC on your serial connection? Its an odd mask for anything but frame.
Can you ping from the router to the internet?
Mick.
01-25-2002 07:22 AM
Frame just for internet access
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 192.168.47.0/24 is directly connected, FastE
65.0.0.0/29 is subnetted, 1 subnets
C 65.217.209.40 is directly connected, Fast
S* 0.0.0.0/0 is directly connected, Serial0/0.1
One thing I noticed is when I show ip interface I do not see access-list 7 defined anywhere.
01-25-2002 07:23 AM
yes..i can ping the router from the internet. The public addresses work fine.
01-25-2002 08:23 AM
Why are you using the public address on the ethernet interface? It should be private address.
There isn't enough information in the config to help much more. I would guess that the problem lies with your NAT pool. Are ALL of the IPs in the range unused (except for NAT)? Are you POSITIVE that your ISP is forwarding the entire range to you?
You can try to:
disable NAT and use one of the NAT IP addresses on your ethernet interface.
Ping that interface from the Net.
Use PAT (overload on serial0.1)
Verify that the IP range you're using isn't the same as your serial interface's.
One of these should work... If you can't even use PAT, you have a more basic problem.
Mick.
01-25-2002 09:19 AM
Mick,
It seems to be working now. Although the web pages are not coming up real fast. Downloading a file is great.
I have the nat pool set to one address should I change that to muliple addresses?
Also, how do I update the router to save the config.
It seems like it loses it when the power is shut off to the router.
01-25-2002 09:45 AM
Yes. Unless you're using the "overload" statement on NAT, you need more than one IP address in your pool. Preferabley for as many inside users as will access the network. If you only have one, it will work for the first person, then fail for everyone else until it times out.
To save your config, use one of the following commands (they all do the same thing):
write memory
wr mem
copy running_config startup_config
copy run start
Mick.
01-25-2002 10:08 AM
You have been a big help.
Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: