cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
743
Views
0
Helpful
2
Replies

Router won't route (NAT)

chapmanmays
Level 1
Level 1

I have a router that won't route. I am swapping out one router for another, bringing up different legs of the network one at a time. The configuration is similar between the two routers.

I believe that I have tracked this down to the nat configuration, but I haven't been able to get anything to work. The router connects to an ISP using PPPoE with a dynamically assigned IP address. This is the only public interface. All the other interfaces are inside. Once the PPPoE session is established, I can ping the next hop as well as servers on Internet (DNS, Yahoo, etc.) from the router console.

What I can't do is access the Internet from a client on an internal interface. When I do show ip nat translations, there are no translations shown.

Here is most of my configuration file:

!

no aaa new-model

!

no network-clock-participate slot 2

no network-clock-participate slot 4

!

dot11 syslog

ip source-route

!

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.4.1

ip dhcp excluded-address 192.168.5.1

!

ip dhcp pool ccp-pool1

network 192.168.4.0 255.255.255.0

domain-name test.xxxx.com

dns-server 4.2.2.6 4.2.2.5

default-router 192.168.4.1

!

ip dhcp pool voip

import all

network 192.168.5.0 255.255.255.0

domain-name voip.xxxx.com

dns-server 4.2.2.6 4.2.2.5

default-router 192.168.5.1

!

!

ip domain name xxxx.com

ip name-server 4.2.2.6

ip name-server 4.2.2.5

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

voice-card 0

!

!

!

!

!

!

!

crypto pki token default removal timeout 0

!

!

!

!

license udi pid CISCO3845-MB sn FOC09195YM4

username user privilege 15 secret 5 xxxx

!

redundancy

!

!

no ip ftp passive

!

!

!

!

!

!

!

!

interface Loopback0

ip address 192.168.2.1 255.255.255.0

!

interface GigabitEthernet0/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly in

ip tcp adjust-mss 1452

shutdown

duplex auto

speed auto

media-type rj45

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

media-type rj45

!

interface GigabitEthernet0/1.1

description $ETH-LAN$

encapsulation dot1Q 400

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface GigabitEthernet0/1.2

description $ETH-LAN$

encapsulation dot1Q 500

ip address 192.168.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface ATM1/0

no ip address

shutdown

no atm ilmi-keepalive

no atm enable-ilmi-trap

!

interface FastEthernet2/0

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet2/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet4/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface FastEthernet4/1

no ip address

shutdown

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname pppoe

ppp chap password 0 pppoepppoe

ppp pap sent-username pppoe password 0 pppoepppoe

ppp ipcp route default

no cdp enable

!

ip forward-protocol nd

ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 Dialer1

!

no aaa new-model
!
no network-clock-participate slot 2
no network-clock-participate slot 4
!
dot11 syslog
ip source-route
!
ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.4.1

ip dhcp excluded-address 192.168.5.1

!

ip dhcp pool ccp-pool1

network 192.168.4.0 255.255.255.0

dns-server 4.2.2.6 4.2.2.5

default-router 192.168.4.1

!

ip dhcp pool pool2
network 192.168.5.0 255.255.255.0
dns-server 4.2.2.6 4.2.2.5
default-router 192.168.5.1

!

ip name-server 4.2.2.6
ip name-server 4.2.2.5
no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

!

crypto pki token default removal timeout 0

!

redundancy

!

no ip ftp passive

!

interface Loopback0

ip address 192.168.2.1 255.255.255.0

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

media-type rj45

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

media-type rj45

!

interface GigabitEthernet0/1.1

description $ETH-LAN$

encapsulation dot1Q 400

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface GigabitEthernet0/1.2

description $ETH-LAN$

encapsulation dot1Q 500

ip address 192.168.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface FastEthernet2/0

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet2/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet4/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface FastEthernet4/1

no ip address

shutdown

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap chap callin

ppp chap hostname pppoe

ppp chap password 0 pppoepppoe

ppp pap sent-username pppoe password 0 pppoepppoe

ppp ipcp route default

no cdp enable

!

ip forward-protocol nd

ip http server

no ip http secure-server

!

!

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Chapman,

in order to have NAT working you need a global statement like the following

ip nat inside source list 1 interface Dialer1 overload

access-list 1 permit 192.168.4.0 0.0.0.255

Up to now you have just declared what interface is NAT  inside and what interface is NAT outside (dialer1) but this is not enough.

Hope to help

Giuseppe

View solution in original post

2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Chapman,

in order to have NAT working you need a global statement like the following

ip nat inside source list 1 interface Dialer1 overload

access-list 1 permit 192.168.4.0 0.0.0.255

Up to now you have just declared what interface is NAT  inside and what interface is NAT outside (dialer1) but this is not enough.

Hope to help

Giuseppe

I don't see how I missed that one! It was in the original configuration, just buried. Thanks for your help!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: