Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT Problemsa

I have a leased line which i am using to connect to the internet using the NAT protocol. i have a pool of three real ip addresses given by my ISP of which two have been given to specific PCs(2 PCs ).

The third has been overloaded for the rest of the PCs. To my surprise only the two PCs are the ones able to browse the internet.

The following is the nat configguration:

=======================================================================

Cisco_2611_IT#sh conf

Using 3022 out of 29688 bytes

!

version 12.0

service config

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Cisco_2611_IT

!

ip subnet-zero

ip host salima 192.168.112.99

ip host Limbe 192.168.10.26

ip host BlantyrePayPoint 192.168.10.1

ip host MaselemaPayPoint 192.168.10.5

ip host LimbePayPoint 192.168.10.25

ip host Blantyre 192.168.10.2

ip host Zomba 192.168.10.22

ip host Mzuzu 192.168.30.30

ip host mangochi 192.168.30.22

ip host LilongweOldTown 192.168.10.14

ip host LilongweCityCentre 192.168.10.18

ip host Maselema 192.168.10.6

!

!

!

interface Ethernet0/0

ip address 192.168.100.207 255.255.255.0

no ip directed-broadcast

ip nat inside

!

interface Serial0/0

description Connecting MTL Head Office(Maselema)

bandwidth 64

ip address 192.168.30.6 255.255.255.252

ip directed-broadcast

ip nat inside

no ip mroute-cache

!

interface Ethernet0/1

ip address 192.168.240.1 255.255.255.0

no ip directed-broadcast

ip nat inside

bridge-group 1

!

interface Serial0/1

description Connecting Salima Customer Care Centre

ip address 192.168.30.9 255.255.255.252

no ip directed-broadcast

ip nat inside

no cdp enable

!

interface Serial1/0

description Connecting Ntcheu CCC

ip address 192.168.40.6 255.255.255.0

no ip directed-broadcast

ip nat inside

no cdp enable

!

interface Serial1/1

description Connecting M-Streams

ip address 192.168.10.16 255.255.255.0

no ip directed-broadcast

ip nat inside

no cdp enable

!

interface Serial1/2

description Connecting Leland Internet Gateway

ip address 10.xx.x.0.0.0

no ip directed-broadcast

ip nat outside

no cdp enable

!

interface Serial1/3

description Connecting Ngabu CCC

ip address 192.168.40.11 255.255.255.0

no ip directed-broadcast

ip nat inside

no cdp enable

!

router rip

version 2

no validate-update-source

redistribute connected

network 10.0.0.0

network 62.0.0.0

network 128.1.0.0

network 192.168.10.0

network 192.168.30.0

network 192.168.40.0

network 192.168.100.0

network 192.168.116.0

network 192.168.240.0

neighbor 10.10.10.1

!

ip nat pool Internet_Access 62.192.143.x 62.192.143.x netmask 255.255.255.252

ip nat inside source list 7 pool Internet_access overload

ip nat inside source static 192.168.100.8 62.192.143.x

ip nat inside source static 192.168.100.10 62.192.143.x

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.10.1

!

access-list 7 permit 192.168.100.0 0.0.0.255

dialer-list 1 protocol ip permit

dialer-list 1 protocol ipx permit

snmp-server community public RO

bridge 1 protocol dec

banner motd ^C

!

line con 0

exec-timeout 0 0

logging synchronous

transport input none

line aux 0

line vty 0 4

password xxxx

login

!

no scheduler allocate

end

=======================================================================

In other words both the source static configuration are workink ok.

I tried to swap the ip addresses but still couldnt work

What could be the problem?

2 REPLIES
Bronze

Re: NAT Problemsa

Hi

As you say are the static nat entries working.

But with what source ip addresses are you trying to get to the internet? In the config i see that you got several interfaces as ip nat inside.

So mabye you have to extend the acl 7 with the other subnets.

Hope that helps you

Roger

New Member

Re: NAT Problemsa

Someone else already mentioned checking ACL 7, as it will only match hosts with addresses in the 192.168.100.0/24 network - in case your hosts are not in that range.

Also, if that configuration matches what's in your router, there is a case mismatch between where you define your NAT pool and where you define the rule. Try using capital A in your rule or redefine your pool with it lowercase.

87
Views
0
Helpful
2
Replies