Solved

Cisco MWR1941 PAT (NAT overload)

Posted on 2009-07-14
Last Modified: 2012-05-07
I am trying to get PAT (NAT overloading) to work on a recent purchase I have made...the Cisco MWR1941 router. I have gotten this to work before using an 871w with the same ISP and the same LAN credentials but for some reason the IOS/configuration is being finicky this time around. I have included the configuration information that is needed to figure out my problem.

This router has two interfaces: FastEthernet0/0 and FastEthernet0/1

Here is what currently happens:
* From the router console I can ping any Internet address, resolve hosts, etc. I can also ping each interface address and every computer that I have on my LAN (connected through a switch).
* From any PC on the LAN I can ping the gateway (FA0/0 interface) and also can ping the Router's WAN interface (FA0/1).

Here's what doesn't happen:
* Getting beyond the WAN interface from the LAN

The fact that I am able to ping the WAN IP but not my router's next hop (e.g. its gateway) boggles me. Things are mostly working but not quite. Are there any suggestions on what I should be looking at?
!
redundancy
  mode y-cable
!
ip subnet-zero
!
!
!
ip dhcp pool lake
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 167.206.245.11 167.206.245.129 
   default-router 10.10.10.254 
   lease 0 1
!
!
!
!
interface FastEthernet0/0
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
ip nat log translations syslog
ip nat translation timeout 120
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat inside source list 101 interface FastEthernet0/1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
!
access-list 101 permit ip any any
!

Question by:ajr9166
6 Comments
 
LVL 7

Expert Comment

by:blue-screen
ID: 24856570
- What version IOS code?

- What does "show ip nat translations" show?

Looks perfect. Maybe there is some bug with DHCP assigned outside addresses and NAT. That is the only thing approaching unusual.

Also, using an extended access list is unusual. It *should* work, but try with a simple access list, e.g.

access-list 5 permit any

and then use source-list 5.

If that works I think you found a bug.
0
 
LVL 12

Expert Comment

by:Faruk Onder Yerli
ID: 24857216
Please delete the line below. DHCP will assign the default route for you.
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

Also, please change the access list as below.
access-list 101 permit ip 10.10.10.0 0.0.0.255 any

NAT will start to work.


0
 
LVL 1

Author Comment

by:ajr9166
ID: 24860033
Here is some information I have gathered after playing this morning.

IOS Version from show version:
---
IOS (tm) 1900 Software (MWR1900-I-M), Version 12.2(15)MC2a, RELEASE SOFTWARE (fc1)
---
New issue with no static route (manually configured) and new access-list configuration. I cannot ping the WAN interface on the router from my internal LAN:
---
Pinging 68.196.208.1 with 32 bytes of data:

Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.
Reply from 10.10.10.254: Destination net unreachable.

Ping statistics for 68.196.208.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
---

I have removed the ip route 0.0.0.0 0.0.0.0... line. I have also tried both access-list suggestions mentioned above (101 and 5). However, under 101 I do not get any results under "sh ip nat translations" so I have stuck with the 5 rule, modified as "access-list 5 permit 10.10.10.0 any". This does give results under "sh ip nat translations."

I don't specifically remember, but I am pretty sure I cannot ping any Internet IP from the Router and I certainly cannot ping any LAN IP except for the LAN gateway (LAN interface on the router). I have a feeling this is due to me removing the "ip route ..." line even though a "sh ip rout" DOES show the default gateway being configured properly via DHCP.
0
 
LVL 12

Assisted Solution

by:Faruk Onder Yerli
Faruk Onder Yerli earned 125 total points
ID: 24860079
Did you close and open the FastEthernet 1 interface? It will take it by itself after you delete the static route and restart the interface.

You must see the 0.0.0.0 network when you write the "sh ip route" command.
0
 
LVL 7

Accepted Solution

by:
blue-screen earned 125 total points
ID: 24861150
Apparently, you should REMOVE all static routes and then reset the interface (shut/no shut or initiate a DHCP renewal), and then DHCP will install the learned DHCP default route with an admin distance of 254 (all other overlapping static routes will override it).

As a last resort: you can learn that default router IP address from the provider for the default gateway, even in a DHCP scenario.  Find out that IP address and set

ip route 0.0.0.0 0.0.0.0 x.x.x.x

You can also find it out by attaching a PC to the cable modem and seeing the assigned default gateway.
0
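
An added example, not part of any post in this thread: a small Python check that scans an IOS configuration for the two items the answers above changed, a default route that names only an Ethernet interface and a NAT access list that matches any source. The function name, finding labels and sample text are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
!
ip nat inside source list 101 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
access-list 101 permit ip any any
"""

# The same text with the changes suggested in the answers applied.
FIXED_CONFIG = SAMPLE_CONFIG.replace("ip route 0.0.0.0 0.0.0.0 FastEthernet0/1\n", "").replace(
    "permit ip any any", "permit ip 10.10.10.0 0.0.0.255 any")

ETHERNET_RE = re.compile(r"^(FastEthernet|GigabitEthernet|Ethernet)\S+$", re.I)
NAT_RULE_RE = re.compile(r"ip nat inside source list (\S+) interface \S+ overload")

def audit_pat_config(config: str) -> list[str]:
    """Return findings (hypothetical labels) for the PAT issues raised in the thread."""
    lines = [ln.strip() for ln in config.splitlines()]
    # ACLs referenced by an 'ip nat inside source list N ... overload' rule
    nat_acls = {m.group(1) for ln in lines if (m := NAT_RULE_RE.match(ln))}
    findings = [] if nat_acls else ["no-overload-rule"]
    for ln in lines:
        tok = ln.split()
        # Default route whose only target is an Ethernet interface: with no
        # next-hop IP the router has to ARP for every destination itself.
        if (tok[:4] == ["ip", "route", "0.0.0.0", "0.0.0.0"]
                and len(tok) == 5 and ETHERNET_RE.match(tok[4])):
            findings.append(f"default-route-interface-only:{tok[4]}")
        # NAT ACL that permits every source instead of the inside subnet
        if (tok[:1] == ["access-list"] and len(tok) >= 4
                and tok[1] in nat_acls and tok[2] == "permit"
                and tok[3:] in (["any"], ["ip", "any", "any"])):
            findings.append(f"nat-acl-matches-any:{tok[1]}")
    return findings

if __name__ == "__main__":
    print(audit_pat_config(SAMPLE_CONFIG))
    print(audit_pat_config(FIXED_CONFIG))
```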
