PAT config. Problems

I am using a 1720 as my Internet gateway, and would like to better distribute the PAT translation load. Currently I am performing all translations on my serial0 interface. While this is working OK, I feel I may get better performance by creating a pool using the free addresses in my net block and performing the translation on the pool. Here is my dilemma: When I apply the configuration below, I am not able to access anything with my browser. Even pings from my workstation to an outside address do not work. I performed a test where I assigned one of the IPs from my net block as a secondary IP on the Fast Ethernet interface. I then attempted to ping it from one of my routers in a remote office. I was able to ping the address, so that tells me that my ISP has correctly routed my net block. Obviously the problem is in my configuration somewhere, and it's probably something simple that I can't see. I believe that the "ip nat pool" and the "ip nat inside source" statements are where the problems lie. When I go back to my original configuration with no NAT pool and perform translations on the WAN interface (ip nat inside source list 1 interface serial0), it works fine.

service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ********
!
boot system flash 1:aaa1376.bin
no logging console
enable password *********
!
!
!
!
memory-size iomem 25
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
ip nat inside source static tcp 192.168.0.10 5631 X.X.X.X 5631
ip nat inside source static tcp 192.168.0.10 5632 X.X.X.X 5632
ip nat inside source static udp 192.168.0.10 5631 X.X.X.X 5631
ip nat inside source static udp 192.168.0.10 5632 X.X.X.X 5632
!
!
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 ip broadcast-address 0.0.0.0
 tunnel source Serial0
 tunnel destination X.X.X.X
!
interface Serial0
 description Dedicated link to the Internet
 ip address X.X.X.X 255.255.255.252
 ip broadcast-address 0.0.0.0
 ip nat outside
 no fair-queue
 service-module t1 timeslots 1-24
!
interface FastEthernet0
 ip address X.X.X.X 255.255.255.248 secondary
 ip address 192.168.0.1 255.255.255.0
 ip broadcast-address 192.168.0.1
 ip nat inside
 speed auto
!
ip nat pool Genuity X.X.X.X X.X.X.X netmask 255.255.255.248
ip nat inside source list 1 pool Genuity overload
ip classless
ip route 0.0.0.0 0.0.0.0 serial0
ip route 10.1.1.0 255.255.255.0 Tunnel0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
line con 0
 exec-timeout 0
 transport input none
line aux 0
line vty 0 4
 password *******
!
end

2 REPLIES

Re: PAT config. Problems

You may have more IP numbers than currently allocated, but the subnet mask on your serial is 252. This allows four addresses, but two of these, the first and the last, are reserved for network and broadcast address. The remaining two are in use, one by each side of the link. With this subnet mask it will not be possible to use multiple IP addresses on the router.

I do not expect you to gain much from the change you propose. It works quite well as it does and spreading the source-ports for PAT will not change that.

Regards,

Leo

Re: PAT config. Problems

Thanks, Leo.

I'll let the sleeping dog lie.
