[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 973
  • Last Modified:

Cisco 831 NAT issue

Here is the problem. We have Cisco router 831 (12.3(7)T) with some static translations. Problem is that NAT translations has stopped working couple of days ago with no changes from our or ISP side. After reviewing config i saw that on external interface is missing 'ip nat outside' so i went to add it. how many times we add it it is never written in config. Here is copy&paste.

cisco01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco01(config)#int eth1
cisco01(config-if)#ip nat outside
cisco01(config-if)#end
cisco01#

But however if we check config it will show it witout it and ofc routes will not work. Everything else will work, internet access and also VPN that is configured on those interfaces.  Does any1 has problem like this or a solution.

interface Ethernet0
 description Internal network
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452
 no cdp enable
 crypto ipsec client ezvpn VPNacc inside
 hold-queue 32 in
!
interface Ethernet1
 description Outside
 ip address 192.168.2.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 duplex auto
 no cdp enable
 crypto ipsec client ezvpn VPNacc

Open in new window

0
RodeRidder
Asked:
RodeRidder
1 Solution
 
Don JohnstonInstructorCommented:
Do you get any type of notification or message that the command is rejected?
0
 
RodeRidderAuthor Commented:
Nope, as i showed in copy&paste:

cisco01#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco01(config)#int eth1
cisco01(config-if)#ip nat outside
cisco01(config-if)#end
cisco01#

So everything looks ok, lika command is accepted, but when i do sh run, it is not there and also translations are not working.
0
 
naughtonCommented:
have you tried to tftp the runing config to a PC, putting in the "ip nat outside" command in the file in the area of the eth1 interface,  then tftp the file to the start up config and restart the router.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
RodeRidderAuthor Commented:
No, did not try that, i will give a shot and report back here of result.
0
 
RodeRidderAuthor Commented:
Ok tryed that. Downloaded config, added 'ip nat outside' line, puted back config but now i got an error:

cisco01#copy tftp: running-config
Address or name of remote host []? 192.168.0.3
Source filename []? cisco01-confg
Destination filename [running-config]?
Accessing tftp://192.168.0.3/cisco01-confg...
Loading cisco01-confg from 192.168.0.3 (via Ethernet0): !!
[OK - 8016 bytes]

%NAT: Error activating CNBAR on the interface Ethernet1
Error:Only one outside interface is allowed per ezvpn configuration
8016 bytes copied in 3.104 secs (2582 bytes/sec)
cisco01#sh run

and in sh run i got that lines.

Did wr mem and reload.

After reload BOTH lines are gone, both ip nat inside on one int and ip nat outside on other.

Any suggestions?
0
 
wingateslCommented:
You should definitely upgrade the IOS version
0
 
RodeRidderAuthor Commented:
Yes, i reded som of problems here that people had with CNBAR, and they said to go to 12.3.8. BUT, what puzzels me is that this worked for over of 3 years, on same router with no config changes. So one day just stopped working.
0
 
naughtonCommented:
no no -
copy tftp start
reload

0
 
RodeRidderAuthor Commented:
Tryed that, same thing:

cisco01#copy tftp: start
Address or name of remote host []? 192.168.0.3
Source filename []? cisco01-confg
Destination filename [startup-config]?
Accessing tftp://192.168.0.3/cisco01-confg...
Loading cisco01-confg from 192.168.0.3 (via Ethernet0): !!
[OK - 8016 bytes]
[OK]
8016 bytes copied in 2.352 secs (3408 bytes/sec)
cisco01# reload

But after reload both lines with ip nat inside and outside are gone.
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now