Solved

Cisco 877 NAT issues

Posted on 2009-07-09
Last Modified: 2012-05-07
Hi,

I have a Cisco 877 router and it won't route between the LAN and WAN. I logged into the router and discovered that the router wasn't NAT/PAT'ing, as I could ping external IP addresses from the console of the router, but not from the network 192.168.1.0/24.

I know there is something wrong with my NAT/PAT config, I just can't put my finger on it.
Could you guys please have a look at my config below and tell me what you think the issue could be?

Thanks

Mark
sh run

Building configuration...

Current configuration : 3311 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid wifi
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7
!
ip cef
!
!
no ip domain lookup
!
!
!
username user privilege 15 secret 5
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 11
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key (removed) address 10.10.10.10 no-xauth
crypto isakmp key (removed) address 10.10.10.11 no-xauth
!
!
crypto ipsec transform-set vpn1 esp-3des esp-md5-hmac
crypto ipsec transform-set vpn2 esp-3des esp-md5-hmac
!
crypto map tunnel1 10 ipsec-isakmp
 description Tunnel to VPN1
 set peer 10.10.10.10
 set transform-set vpn1
 match address 110
crypto map tunnel2 11 ipsec-isakmp
 description Tunnel to VPN2
 set peer 10.10.10.11
 set transform-set vpn2
 match address 111
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 description DSL operating
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 no ip mroute-cache
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 no ip route-cache cef
 no ip route-cache
 shutdown
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid dave
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 world-mode dot11d country AU both
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface Dialer1
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 2147483
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap hostname (removed)
 ppp chap password 7 (removed)
 ppp pap sent-username (removed)
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 Vlan1
!
ip http server
no ip http secure-server
ip nat source list 100 interface Dialer1 overload
!
access-list 100 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny   ip any any
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7
 login
!
scheduler max-task-time 5000
end

Question by:mark_06
Accepted Solution

by: Elwin3 earned 500 total points
Hi,
I think the command should be:

ip nat inside source list 100 interface Dialer1 overload

Try that.
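
Added example, not part of the original thread or written by either poster: a small Python check for the mismatch in this question, where the interfaces carry `ip nat inside` / `ip nat outside` but the translation rule is written without a direction. In Cisco IOS the directionless `ip nat source ...` form belongs to NAT Virtual Interface (NVI) and is paired with `ip nat enable` on the interfaces, which the thread itself does not mention; the function names and the trimmed sample config are constructed for this illustration.

```python
import re

# Constructed excerpt: only the NAT-relevant lines of the config posted above.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat source list 100 interface Dialer1 overload
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
"""

def parse_nat(config):
    """Return ({interface: NAT roles}, [(style, rule text)])."""
    roles, rules, current = {}, [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            roles[current] = set()
        elif line and not line.startswith(" "):
            current = None  # any unindented line (including "!") ends the interface block
        m = re.match(r"\s+ip nat (inside|outside|enable)$", line)
        if m and current:
            roles[current].add(m.group(1))
        m = re.match(r"ip nat (inside |outside )?source ", line)
        if m:
            # No direction keyword means NVI syntax; with one, classic NAT.
            rules.append(("classic" if m.group(1) else "nvi", line))
    return roles, rules

def check_nat(config):
    """List mismatches between interface NAT roles and translation rules."""
    roles, rules = parse_nat(config)
    marked = set().union(*roles.values())
    findings = []
    for style, text in rules:
        if style == "nvi" and "enable" not in marked:
            findings.append(f"NVI rule but no interface has 'ip nat enable': {text}")
        if style == "classic" and not {"inside", "outside"} <= marked:
            findings.append(f"rule needs inside and outside interfaces: {text}")
    if marked & {"inside", "outside"} and not any(s == "classic" for s, _ in rules):
        findings.append("inside/outside interfaces but no 'ip nat inside|outside source' rule")
    return findings
```

Run against the posted configuration it reports both sides of the mismatch; with the rule rewritten as in the accepted answer it reports nothing.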