Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

routing stops when nat is turned on

Hi, I have a Cisco 2621 with a ISDN WIC running 12.2(3) single DES and currently have public addressing setup(on FE0/0) and I'm trying to switch over to private space.

My idea was to take setup my private network on the available FE0/1. I set NAT up as a dynamic tranlation and in my pool only included 1 address(which is a public address not used on FE0/0). My problem as soon as i apply the 'ip nat outside' to my dialer 1 interface is that routing stops for the public addressed net on FE0/0. Nothing shows with a show ip nat tran(or stat). What is causing this? Is it that my address in my NAT pool exists on the FE0/0 network(although not being used)?

Thank you.

2 REPLIES
New Member

Re: routing stops when nat is turned on

Can you post the config leaving out stuff we don't want to see ?

New Member

Re: routing stops when nat is turned on

I hope this isn't too much. For aninimity I replaced our public net with 192.168.50.0 and changed some other numbering, but this is accurate of what I'm running.

Building configuration...

!

version 12.2

!

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key keyname address 208.120.60.254

crypto isakmp key keyname address 216.80.75.68

!

!

crypto ipsec transform-set ecset esp-des esp-md5-hmac

!

crypto map ecmap 10 ipsec-isakmp

set peer 208.120.60.254

set transform-set ecset

match address 105

crypto map ecmap 11 ipsec-isakmp

set peer 216.80.75.68

set transform-set ecset

match address 106

!

interface FastEthernet0/0

description connected to EthernetLAN

ip address 192.168.50.193 255.255.255.192

no keepalive

duplex auto

speed auto

!

interface BRI0/0

description connected to Internet

bandwidth 64000

no ip address

ip access-group 101 in

encapsulation ppp

dialer rotary-group 1

isdn switch-type basic-ni

fair-queue

no cdp enable

crypto map ecmap

ip nat outside

!

interface FastEthernet0/1

description connected to Private LAN

ip address 192.168.110.1 255.255.255.0

no keepalive

duplex auto

speed auto

ip nat inside

!

interface Dialer1

ip address negotiated

ip access-group 101 in

encapsulation ppp

no ip split-horizon

dialer in-band

dialer idle-timeout 2147483

dialer hold-queue 1

dialer load-threshold 1 outbound

dialer-group 1

fair-queue 64 256 0

no cdp enable

ppp authentication chap pap callin

ppp multilink

crypto map ecmap

ip nat outside

!

interface Dialer2

ip unnumbered FastEthernet0/0

encapsulation ppp

ip tcp header-compression passive

no ip mroute-cache

dialer in-band

dialer-group 1

peer default ip address pool Cisco2621-Group-2

no cdp enable

ppp authentication pap

!

ip nat pool ecnat 192.168.50.254 192.168.50.254 prefix-length 26

ip nat inside source list 122 pool ecnat overload

ip nat inside source route-map nonat interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http access-class 5

!

access-list 105 permit ip 192.168.50.192 0.0.0.63 208.120.60.224 0.0.0.31

access-list 105 deny ip 192.168.50.192 0.0.0.63 any

access-list 106 permit ip 192.168.50.192 0.0.0.63 host 216.80.75.68

access-list 106 permit ip 192.168.50.192 0.0.0.63 192.168.160.0 0.0.0.255

access-list 106 deny ip 192.168.50.192 0.0.0.63 any

access-list 122 deny ip 192.168.110.0 0.0.0.255 host 216.80.75.68

access-list 122 deny ip 192.168.110.0 0.0.0.255 208.120.60.224 0.0.0.31

access-list 122 permit ip 192.168.110.0 0.0.0.255 any

access-list 122 deny ip any any

route-map nonat permit 10

match ip address 122

!

end

94
Views
0
Helpful
2
Replies
CreatePlease login to create content