Cisco 2620 NAT Issues

Zanthor
I've got a Cisco 2620 hooked up to a T1 and it's connected to the world nicely.  I've configured NAT for the internal network, which I'm running on the IP space of 10.241.82.*, with the IP 10.241.82.1 being used by a server on my network that I do not have access to.

This is the first time I've set up a full-blown router like this, and I think I have a fairly firm grasp on what's going on, but one thing keeps evading me....

On my DSL router at home, I have one external IP, and many machines connect to the internet through that router.  They all appear to be coming from ONE IP address.  On this Cisco 2620, it appears I've assigned a pool of IPs to be used, and as such only 5 machines can connect outbound at once....

It only makes sense that I could configure this to allow all my internal machines to connect, but I can't figure out what I'm doing wrong, please help! :D

The other thing that confuses me is that the Serial interface has an IP that's accessible to the world (as I'd expect), but the F0/0 interface does as well, and it's in a different class (classes are a bit fuzzy to me, but where the serial is 123.123.123.123, the f0/0 is 213.213.213.213)...

The config is as follows:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
no logging console
enable password [Censored]
!
ip subnet-zero
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.241.82.251 255.255.255.0 secondary
 ip address XIP.XIP.XIP.XIP 255.255.255.248
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 ip address XIP.XIP.XIP.XIP 255.255.255.252
 ip nat outside
!
interface Serial0/0.1
 ip nat outside
!
ip nat pool foo XIP.XIP.XIP.113 XIP.XIP.XIP.118 netmask 255.255.255.0
ip nat inside source list 1 pool foo
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 255.255.255.0 Serial0/0.1
ip http server
ip pim bidir-enable
!
!
line con 0
 password [Censored]
line aux 0
line vty 0 4
 password [Censored]
 login
!
end

Thanks,

Will Dobbins
Geek 4 Hire
Commented:
Where is access list 1 as referred to in:

ip nat inside source list 1 pool foo

Can you restate your question?  What exactly are you trying to do?  Allow more clients internally to connect?  First off, you will need to make sure the clients are allowed to connect as specified in access list 1.  Secondly, you will need to add "overload" to the ip nat pool command:

ip nat pool foo XIP.XIP.XIP.113 XIP.XIP.XIP.118 netmask 255.255.255.0 overload

This will allow multiple clients to use the last address in the pool using PAT, similar to how your DSL router works at home.  Hopefully that helps you with what you are trying to accomplish.

Author

Commented:
When I try to append overload to the end of:
ip nat pool foo XIP.XIP.XIP.113 XIP.XIP.XIP.118 netmask 255.255.255.0

It balks at me; the only option that appears when I type ? is:
type

which then gives the options of:
match-host
rotary

I could have sworn earlier it was allowing me to add overload...

As for the access list, somehow I missed that, when I added it back using:
access-list 1 permit 10.241.82.10 10.241.82.29

the show run command shows it as:
access-list 1 permit 0.0.0.2 10.241.82.29

Which confuses me...

I'll be hovering over this thread hoping for help :) Your other posts to other threads have already been most helpful getting me this far!

Author

Commented:
The limitation on the access list isn't really required so I changed the access-list to be

access-list 1 permit any

Now to get the overload thing worked out, is rotary what i'm after?
Commented:
I'll have to look into the overload problem.

The access list you are making does not understand ranges.  It understands addresses and masks.  Do this instead:

! the second field of a standard ACL entry is an IOS wildcard mask
! (1 bit = don't care), not a subnet mask
access-list 1 permit 10.241.82.10 0.0.0.1
access-list 1 permit 10.241.82.12 0.0.0.3
access-list 1 permit 10.241.82.16 0.0.0.7
access-list 1 permit 10.241.82.24 0.0.0.3
access-list 1 permit 10.241.82.28 0.0.0.1

That will help with that.
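The following Python is an added example, not part of the thread or of Cisco's own tooling. It models the two points above in code: why IOS rewrote the author's "10.241.82.10 10.241.82.29" entry as "0.0.0.2 10.241.82.29" (the second field is taken as a wildcard mask and the "don't care" bits are cleared from the address), and how to split an address range such as 10.241.82.10 through .29 into the minimal set of address/wildcard entries a standard ACL can express. The match semantics assumed are the usual standard-ACL rule: compare only the bits where the wildcard is 0, first match wins, implicit deny at the end. The range and addresses are the ones from the thread; the ACL number defaults to 1 as on the page.

```python
import ipaddress
from typing import List


def ios_normalize(address: str, wildcard: str) -> str:
    """Return the address as IOS stores it for a standard ACL entry.

    A wildcard bit of 1 means "don't care", so IOS clears those bits in the
    address before saving the entry.  Typing
    'access-list 1 permit 10.241.82.10 10.241.82.29' therefore shows up in
    'show run' as 'access-list 1 permit 0.0.0.2 10.241.82.29': the second
    argument was read as a wildcard mask, not as the end of a range.
    """
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(wildcard))
    return str(ipaddress.IPv4Address(a & ~w & 0xFFFFFFFF))


def entry_matches(address: str, wildcard: str, ip: str) -> bool:
    """Standard-ACL match: compare only the bits where the wildcard is 0."""
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(wildcard))
    i = int(ipaddress.IPv4Address(ip))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (i & keep)


def range_to_acl(first: str, last: str, acl_number: int = 1) -> List[str]:
    """Express the inclusive range first..last as the fewest standard-ACL lines.

    Each line covers one aligned block (a CIDR prefix) with its wildcard mask,
    which is the prefix's host mask.  A /32 block is printed with the 'host'
    keyword, as IOS does.
    """
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    lines = []
    for net in ipaddress.summarize_address_range(start, end):
        if net.prefixlen == 32:
            lines.append(f"access-list {acl_number} permit host {net.network_address}")
        else:
            lines.append(
                f"access-list {acl_number} permit {net.network_address} {net.hostmask}"
            )
    return lines


def acl_permits(lines: List[str], ip: str) -> bool:
    """Walk ACL lines top-down; the first matching entry decides, and a
    packet matching nothing is denied (IOS's implicit deny)."""
    for line in lines:
        parts = line.split()          # access-list N permit|deny <target>
        action = parts[2]
        if parts[3] == "host":
            address, wildcard = parts[4], "0.0.0.0"
        elif parts[3] == "any":
            address, wildcard = "0.0.0.0", "255.255.255.255"
        else:
            address, wildcard = parts[3], parts[4]
        if entry_matches(address, wildcard, ip):
            return action == "permit"
    return False


if __name__ == "__main__":
    print(ios_normalize("10.241.82.10", "10.241.82.29"))
    for line in range_to_acl("10.241.82.10", "10.241.82.29"):
        print(line)
    # A subnet mask typed into the wildcard field compares almost nothing:
    # with 255.255.255.254 only the lowest bit must match, so any
    # even-numbered address anywhere matches the entry.
    print(entry_matches("10.241.82.10", "255.255.255.254", "192.0.2.2"))
```

The last check is the reason a subnet mask in the wildcard field is dangerous for a NAT source list: an entry that was meant to cover two hosts would instead translate traffic from half of all addresses that happen to arrive on an inside interface.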

Commented:
Just saw your last post - that works fine too!
Commented:
OK - massive brain fart.

Overload goes at the end of the "ip nat inside" command.

ip nat inside source list 1 pool foo overload

Sorry!
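As an added example that is not part of the thread, here is a small Python model of what the overload keyword changes. Without overload, each inside host that matches the list takes a whole pool address, so a pool of six addresses serves at most six hosts at a time, which is the limit the author ran into. With overload (PAT), translations are keyed by (address, port) and share one pool address, separated by the outside port. The pool below uses 198.51.100.113 through .118 (TEST-NET-2) as a stand-in for the thread's XIP.XIP.XIP.113 through .118. Two details are assumptions of this model rather than statements from the thread: the inside port is kept when it is still free on the shared address, and the first pool address is the shared one.

```python
from typing import Dict, List, Optional, Set, Tuple

Endpoint = Tuple[str, int]   # (IPv4 address, TCP/UDP port)


class DynamicNat:
    """Simplified model of 'ip nat inside source list ... pool ...' on IOS,
    with and without the overload keyword (assumed behaviour, see lead-in)."""

    def __init__(self, pool: List[str], overload: bool = False) -> None:
        self.pool = list(pool)
        self.overload = overload
        self.host_map: Dict[str, str] = {}          # inside ip -> pool ip (no overload)
        self.table: Dict[Endpoint, Endpoint] = {}   # inside endpoint -> outside endpoint
        self.used_ports: Dict[str, Set[int]] = {}   # pool ip -> outside ports in use

    def translate(self, inside_ip: str, inside_port: int) -> Optional[Endpoint]:
        """Outside (ip, port) for a flow, or None when the packet would be dropped."""
        if not self.overload:
            # One-to-one: the host keeps its ports and owns a pool address
            # until its translation ages out.
            pool_ip = self.host_map.get(inside_ip)
            if pool_ip is None:
                free = [p for p in self.pool if p not in self.host_map.values()]
                if not free:
                    return None          # pool exhausted, nothing left to hand out
                pool_ip = free[0]
                self.host_map[inside_ip] = pool_ip
            return (pool_ip, inside_port)

        # Overload: key on (address, port); everyone shares pool[0].
        key = (inside_ip, inside_port)
        if key in self.table:
            return self.table[key]
        pool_ip = self.pool[0]
        used = self.used_ports.setdefault(pool_ip, set())
        port = inside_port if inside_port not in used else self._next_free_port(used)
        if port is None:
            return None                  # all ports on the shared address in use
        used.add(port)
        self.table[key] = (pool_ip, port)
        return self.table[key]

    @staticmethod
    def _next_free_port(used: Set[int]) -> Optional[int]:
        for candidate in range(1024, 65536):
            if candidate not in used:
                return candidate
        return None

    def active_hosts(self) -> int:
        """Distinct inside hosts currently holding a translation."""
        if self.overload:
            return len({ip for ip, _ in self.table})
        return len(self.host_map)


def hosts_that_fit(pool: List[str], overload: bool, host_count: int) -> int:
    """How many of host_count inside hosts (10.241.82.10 upward, one flow each,
    all using source port 1025) get a translation from the given pool."""
    nat = DynamicNat(pool, overload)
    served = 0
    for n in range(host_count):
        if nat.translate(f"10.241.82.{10 + n}", 1025) is not None:
            served += 1
    return served


# Constructed stand-in for the thread's XIP.XIP.XIP.113 - .118 pool.
POOL = [f"198.51.100.{n}" for n in range(113, 119)]

if __name__ == "__main__":
    print("without overload:", hosts_that_fit(POOL, False, 10), "of 10 hosts served")
    print("with overload:   ", hosts_that_fit(POOL, True, 50), "of 50 hosts served")
```

One thing worth checking on the posted configuration when the list becomes "permit any": FastEthernet0/0 carries both the 10.241.82.0/24 secondary address and a public /29 as its primary, and it is marked "ip nat inside". With "permit any", traffic from hosts on that public /29 leaving via Serial0/0 matches the list as well and is translated into the pool, which is rarely what is wanted. Scoping the list to the private network ("access-list 1 permit 10.241.82.0 0.0.0.255") keeps the public hosts out of the translation table.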

Author

Commented:
Great help, appreciate it!

Got the router doing the job we need, and life is happy!

Commented:
Glad to hear it!
