Solved: Re: NAT issue when going across T1

Michael Murray · ‎06-03-2010

I have two sites with 1841 routers connected by a point-to-point T1. From subnet 192.168.1.0 /24 I can access the Internet via RTRA, as well as hosts on the 192.168.1.0/24 subnet, and NAT is working correctly. I cannot access the Internet from RTRB, nor can hosts on the 192.168.0.0/24 subnet, although I can ping the inside (192.168.1.254) and outside (23.154.63.107) interfaces on RTRA. When I try to ping 23.154.63.105 from the 192.168.0.0/24 subnet I get timed out and there are no NAT translations on RTRA:

RTRA#sh ip nat trans

RTRA#

RTRA Partial Config

controller T1 0/0/0

framing esf

linecode b8zs

cablelength long 0db

channel-group 1 timeslots 1-24

!

interface FastEthernet0/0

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 23.154.63.107 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0/0:1

ip address 172.31.2.1 255.255.255.252

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 23.154.63.105

ip route 192.168.0.0 255.255.255.0 172.31.2.2

!

ip nat inside source list 1 interface FastEthernet0/1 overload

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

RTRB Partial Config

controller T1 0/0/0

framing esf

linecode b8zs

cablelength long 0db

channel-group 1 timeslots 1-24

!

interface FastEthernet0/0

ip address 192.168.0.254 255.255.255.0

ip helper-address 192.168.1.7

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0:1

ip address 172.31.2.2 255.255.255.252

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 172.31.2.1

Komil Shamgunov · ‎06-03-2010

Hi Michael

Try to adding:

ip nat inside

on

interface Serial0/0/0:1

ip address 172.31.2.1 255.255.255.252

Regards,

Kamil

View solution in original post

Hitesh Vinzoda · ‎06-03-2010

Hi,

the ACL should not be any as it is not advised by Cisco.

use this one instead

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

There is no need of adding T1 interfaces in the ACL as the sources are 192.168.0.0/24 and .1.0/24

and

as suggested by one of the CSC expert configure

ip nat inside on the T1 interface

"ip nat inside"

HTH

Hitesh Vinzoda

Please rate useful posts

View solution in original post

Reza Sharifi · ‎06-03-2010

Hi Michael,

Try adding 172.31.2.0/30 to your access list (1) on RTRA and test again.

HTH

Reza

Michael Murray · ‎06-03-2010

Reza,

I tried that as well as just doing a permit any to take the ACL out of the equation. Still not NAT'ing.

Thanks,

-mike

Hitesh Vinzoda · ‎06-03-2010

Hi,

the ACL should not be any as it is not advised by Cisco.

use this one instead

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

There is no need of adding T1 interfaces in the ACL as the sources are 192.168.0.0/24 and .1.0/24

and

as suggested by one of the CSC expert configure

ip nat inside on the T1 interface

"ip nat inside"

HTH

Hitesh Vinzoda

Please rate useful posts

Komil Shamgunov · ‎06-03-2010

Hi Michael

Try to adding:

ip nat inside

on

interface Serial0/0/0:1

ip address 172.31.2.1 255.255.255.252

Regards,

Kamil

Michael Murray · ‎06-04-2010

Adding ip nat inside to my serial interface on RTRA did the trick and it's working now.

Thanks!

-mike