06-28-2012 01:17 AM - edited 03-04-2019 04:49 PM
I have a Cisco 3825 router with two interfaces, one with public IP 182.50.190.140 and the other with private IP 192.168.1.1, and the DNS is 66.28.0.45. I configured NAT overload on it to access the internet. I can ping the public IP and the default gateway, but cannot ping DNS, and the internet cannot be accessed.
Following are the configurations.
Current configuration : 3045 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
dot11 syslog
ip source-route
ip cef
!
!
!
ip dhcp pool noc
import all
network 192.168.1.0 255.255.255.0
dns-server 66.28.0.45
default-router 192.168.1.1
!
!
ip domain name noc
ip name-server 66.28.0.45
ip name-server 4.2.2.5
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1732394243
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1732394243
revocation-check none
rsakeypair TP-self-signed-1732394243
!
!
crypto pki certificate chain TP-self-signed-1732394243
certificate self-signed 01
quit
!
!
username noc privilege 15 password 0 noc
archive
log config
hidekeys
!
!
!
!
!
interface GigabitEthernet0/0
ip address 182.50.190.140 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
!
ip default-gateway 182.50.190.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 66.28.0.0 0.0.0.255
access-list 2 permit 66.28.0.0 0.0.0.255
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
06-28-2012 01:58 AM
Hi,
no ip route 0.0.0.0 0.0.0.0 Gig0/0
ip route 0.0.0.0 0.0.0.0 182.50.190.254
no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
clear ip nat tra *
Regards.
Alain
Don't forget to rate helpful posts.
06-28-2012 08:07 AM
Hi Sayed,
I believe Alain has the answer.
I'm just saying that if you post your router config, I think it's better if you mask some values in the router config, such as username/password/some public IPs. Even with service password-encryption enabled, nowadays there are tools to reveal the password.
regards,
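The masking suggested in the reply above can be scripted before a config is pasted into a public thread. This is an added example, not part of the original posts; the function name `sanitize` and the placeholder strings are assumptions chosen for illustration.

```python
import ipaddress
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hits "password 0 noc" / "secret 5 <hash>", not "service password-encryption".
SECRET_RE = re.compile(r"\b(password|secret)( \d+)? \S+")
USER_RE = re.compile(r"^(\s*username )\S+")

# Lines taken from the config posted above; the hex line is constructed.
SAMPLE = """\
no service password-encryption
 certificate self-signed 01
  30820000 DEADBEEF 00000000
  quit
username noc privilege 15 password 0 noc
interface GigabitEthernet0/0
 ip address 182.50.190.140 255.255.255.0
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
ip default-gateway 182.50.190.254
access-list 1 permit 66.28.0.0 0.0.0.255"""

def sanitize(config: str) -> str:
    """Mask usernames, secrets, public IPv4 addresses and certificate dumps."""
    aliases, out, in_cert = {}, [], False
    def mask_ip(m):
        try:
            ip = ipaddress.ip_address(m.group(0))
        except ValueError:           # not a valid address: leave untouched
            return m.group(0)
        if not ip.is_global:         # RFC 1918, netmasks, wildcards, 0.0.0.0
            return m.group(0)
        # Same address -> same placeholder, so the topology stays readable.
        return aliases.setdefault(m.group(0), f"<public-ip-{len(aliases) + 1}>")

    for line in config.splitlines():
        s = line.strip()
        if in_cert:                  # inside a hex dump: drop until "quit"
            in_cert = s != "quit"
            if in_cert:
                continue
        elif s.startswith("certificate "):
            in_cert = True
            out += [line, "  <certificate removed>"]
            continue
        line = USER_RE.sub(r"\1<user>", line)
        line = SECRET_RE.sub(lambda m: f"{m[1]}{m[2] or ''} <removed>", line)
        out.append(IPV4_RE.sub(mask_ip, line))
    return "\n".join(out)
```

Private addresses, netmasks and ACL wildcards are left intact so the NAT and routing logic can still be reviewed by whoever answers.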