Link to home
Create AccountLog in
Avatar of Argile76
Argile76Flag for United States of America

asked on

NAT Configuration not working

I am able to NAT if I  source the ping from FE1 or Valn1 but any hosts on the inside network (192.168.1.0/24) it does not NAT. Please review my configuration:


version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXX-XXX
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console

!
no aaa new-model
!
resource policy
!
no ip routing
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 description WAN INTERFACE
 ip address xx.xx.xx.xx 255.255.255.0
 ip access-group INBOUND in
 ip access-group OUTBOUND out
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description INSIDE LAN INTERFACE
 ip address 192.168.1.253 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
!
interface Async1
 no ip address
 encapsulation slip
 no ip route-cache
!
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 192.168.1.12 27605 interface FastEthernet0 27605
ip nat inside source static tcp 192.168.1.12 3581 interface FastEthernet0 3581
ip nat inside source static tcp 192.168.1.12 3597 interface FastEthernet0 3597
ip nat inside source static tcp 192.168.1.12 3645 interface FastEthernet0 3645
ip nat inside source static tcp 192.168.1.12 3646 interface FastEthernet0 3646
ip nat inside source static tcp 192.168.1.12 3725 interface FastEthernet0 3725
ip nat inside source static udp 192.168.1.12 1027 interface FastEthernet0 1027
ip nat inside source static udp 192.168.1.12 1283 interface FastEthernet0 1283
ip nat inside source static tcp 192.168.1.12 3389 interface FastEthernet0 3389
ip nat inside source static tcp 192.168.1.15 389 interface FastEthernet0 389
ip nat inside source static udp 192.168.1.15 389 interface FastEthernet0 389
ip nat inside source static tcp 192.168.1.15 53 interface FastEthernet0 53
ip nat inside source static tcp 192.168.1.15 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.15 3127 interface FastEthernet0 3127
ip nat inside source static tcp 192.168.1.15 3128 interface FastEthernet0 3128
ip nat inside source static tcp 192.168.1.15 81 interface FastEthernet0 81
ip nat inside source static tcp 192.168.1.15 8080 interface FastEthernet0 8080
ip nat inside source static tcp 192.168.1.15 8000 interface FastEthernet0 8000
ip nat inside source static tcp 192.168.1.15 8888 interface FastEthernet0 8888
ip nat inside source static tcp 192.168.1.15 443 interface FastEthernet0 443
ip nat inside source static tcp 192.168.1.15 143 interface FastEthernet0 143
ip nat inside source static tcp 192.168.1.15 993 interface FastEthernet0 993
ip nat inside source static tcp 192.168.1.15 88 interface FastEthernet0 88
ip nat inside source static tcp 192.168.1.15 3268 interface FastEthernet0 3268
ip nat inside source static tcp 192.168.1.15 691 interface FastEthernet0 691
ip nat inside source static tcp 192.168.1.15 110 interface FastEthernet0 110
ip nat inside source static tcp 192.168.1.15 135 interface FastEthernet0 135
ip nat inside source static tcp 192.168.1.15 445 interface FastEthernet0 445
ip nat inside source static tcp 192.168.1.15 25 interface FastEthernet0 25
ip nat inside source static udp 192.168.1.15 53 interface FastEthernet0 53
ip nat inside source static tcp 192.168.1.15 21 interface FastEthernet0 21
ip nat inside source route-map NAT interface FastEthernet0 overload
!
ip access-list extended INBOUND
 permit tcp any any eq 27605 log-input
 permit tcp any any eq 3581 log-input
 permit tcp any any eq 3597 log-input
 permit tcp any any eq 3645 log-input
 permit tcp any any eq 3646 log-input
 permit tcp any any eq 3725 log-input
 permit udp any any eq 1027 log-input
 permit udp any any eq 1283 log-input
 permit tcp any any eq 3389 log-input
 permit tcp any any eq 389 log-input
 permit udp any any eq 389 log-input
 permit tcp any any eq domain log-input
 permit tcp any any eq www log-input
 permit tcp any any eq 81 log-input
 permit tcp any any eq 8080 log-input
 permit tcp any any eq 8888 log-input
 permit tcp any any eq 8000 log-input
 permit tcp any any eq 3127 log-input
 permit tcp any any eq 3128 log-input
 permit tcp any any eq 443 log-input
 permit tcp any any eq 143 log-input
 permit tcp any any eq 993 log-input
 permit tcp any any eq 88 log-input
 permit tcp any any eq 3286 log-input
 permit tcp any any eq 691 log-input
 permit tcp any any eq pop3 log-input
 permit tcp any any eq 135 log-input
 permit tcp any any eq 445 log-input
 permit tcp any any eq smtp log-input
 permit udp any any eq domain log-input
 permit tcp any any eq ftp log-input
 permit icmp any any log-input
 evaluate EVAL-OUTBOUND
 deny   ip any any log-input
ip access-list extended OUTBOUND
 permit ip any any reflect EVAL-OUTBOUND
 deny   ip any any log-input
!
access-list 10 permit 192.168.1.0 0.0.0.255
!
!
!
route-map NAT permit 10
 match ip address 10
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 
 login
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
ASKER CERTIFIED SOLUTION
Avatar of JFrederick29
JFrederick29
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Argile76

ASKER

I believe ip routing is enabled by default on Cisco Routers.
I just notice the no ip routing I have issued the command. Let me test it out.
Thank you sir. I should have caught that.