Thank you for looking at this post. I have a bit of an issue that I cannot figure out.
I am attempting to setup a NAT configuration for an Internet provider but something is going on. I have changed the IP's below so they are not those for the actual provider.
FA0/0 is set to ip nat inside and Mult1 is set to ip nat outside (three T1's multilinked together).
I have setup the FA0/0 with a secondary address of 192.168.5.1/24.
The range for NAT is 126.96.36.199 - 254 with a /30 subnet. I have tried both with an overload configuration and without an overload.
When I do a sh ip nat trans on the router, I can see where a user 192.168.5.2 is translated to the first IP - 188.8.131.52. However, the user is not able to get to the Internet. They can ping actual IP addresses but anything requring a DNS lookup doesn't appear to be working.
The DNS server is working, however. The user does an nslookup and gets to their DNS server and can do lookups.
Here is some more information:
The provider has two Class C ranges:
FA0/0 is set with the following IPs:
IP access list 1 is set to permit 192.168.5.0 0.0.0.255
DNS servers are 184.108.40.206 and 220.127.116.11
When the user sets their IP to 192.168.5.2, they can ping anything in the 18.104.22.168/24 and 22.214.171.124/24 range without any problem - as well as the 192.168.5.0/24 range.
The provider has current users setup with static IPs in the 126.96.36.199/24 network range up until the NAT pool as listed above. There are also static IP users in the 188.8.131.52/24 network.
I am completely at a loss as to what is going on because I have looked through several other NAT resources to no avail. The user can ping and trace route to IP addresses on the Internet - but not DNS-based although DNS lookups are working without any problem.
It would be nice to see the actual configs. However, I did notice one thing. If you want your NAT pool to span 184.108.40.206 -.254, the subnet mask you should be using is /29, not /30.
I am wondering if this one user has a browser configuration that uses a proxy server or a configuration script that is overriding the manual settings. Yes, he is successful when he tries to access Internet addresses from a DOS screen (nslookup), but when doing so with the browser, it seems to be failing. I would like to see another user get on the network and run some tests with him.
have you tried TELNETing to an Internet address on port 80 to see if the conenction goes through?
example: PC DOS PROMPT> telnet 220.127.116.11 80
This is what I can think of so far. I hope this can help you.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.