I am using a 1720 as my Internet gateway, and would like to better distribute the PAT translation load. Currently I am performing all translations on my serial0 interface. While this is working OK, I feel I may get better performance by creating a pool using the free addresses in my net block and performing the translation on the pool.
Here is my dilemma: When I apply the configuration below, I am not able to access anything with my browser. Even pings from my workstation to an outside address do not work. I performed a test where I assigned one of the IPs from my net block as a secondary IP on the Fast Ethernet interface. I then attempted to ping it from one of my routers in a remote office. I was able to ping the address, so that tells me that my ISP has correctly routed my net block.
Obviously the problem is in my configuration somewhere, and it's probably something simple that I can't see. I believe that the "ip nat pool" and the "ip nat inside source" statements are where the problems lie. When I go back to my original configuration with no NAT pool and perform translations on the WAN interface (ip nat inside source list 1 interface serial0), it works fine.
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
boot system flash 1:aaa1376.bin
no logging console
enable password *********
memory-size iomem 25
clock timezone PST -8
clock summer-time PDT recurring
ip audit notify log
ip audit po max-events 100
ip nat inside source static tcp 192.168.0.10 5631 X.X.X.X 5631
ip nat inside source static tcp 192.168.0.10 5632 X.X.X.X 5632
ip nat inside source static udp 192.168.0.10 5631 X.X.X.X 5631
ip nat inside source static udp 192.168.0.10 5632 X.X.X.X 5632
ip address 192.168.1.1 255.255.255.0
ip broadcast-address 0.0.0.0
tunnel source Serial0
tunnel destination X.X.X.X
description Dedicated link to the Internet
ip address X.X.X.X 255.255.255.252
ip broadcast-address 0.0.0.0
ip nat outside
service-module t1 timeslots 1-24
ip address X.X.X.X 255.255.255.248 secondary
ip address 192.168.0.1 255.255.255.0
ip broadcast-address 192.168.0.1
ip nat inside
ip nat pool Genuity X.X.X.X X.X.X.X netmask 255.255.255.248
You may have more IP numbers than currently allocated, but the subnet mask on your serial is 252. This allows four addresses, but two of these, the first and the last, are reserved for network and broadcast address. The remaining two are in use, one by each side of the link. With this subnet mask it will not be possible to use multiple IP addresses on the router.
I do not expect you to gain much from the change you propose. It works quite well as it does and spreading the source-ports for PAT will not change that.